VYPR
Unrated severity · NVD Advisory · Published Apr 24, 2014 · Updated Jun 17, 2026

CVE-2014-2734

Description

The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher.

Affected products

13
  • Ruby Lang/Ruby: 12 versions
    • cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*
  • Range: 2.x
