Unrated severity · NVD Advisory · Published Nov 15, 2014 · Updated Jun 17, 2026
CVE-2014-4975
Description
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
Affected products
ruby-lang ruby (14 CPE entries):
- cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* (range: <= 1.9.3)
- cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*
canonical ubuntu_linux (3 CPE entries):
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
SUSE (OSV coordinates, 9 package versions, no CPE; affected range for each: < 2.1.9-15.1):
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
- pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
Patches
Vulnerability mechanics
References
- advisories.mageia.org/MGASA-2014-0472.html (nvd: Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2014-1912.html (nvd: Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2014-1913.html (nvd: Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2014-1914.html (nvd: Third Party Advisory)
- svn.ruby-lang.org/cgi-bin/viewvc.cgi (nvd: Vendor Advisory)
- www.debian.org/security/2015/dsa-3157 (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (nvd: Third Party Advisory)
- www.securityfocus.com/bid/68474 (nvd: Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-2397-1 (nvd: Third Party Advisory)
- bugs.ruby-lang.org/issues/10019 (nvd: Vendor Advisory)
- www.mandriva.com/security/advisories (nvd: Broken Link)
- www.openwall.com/lists/oss-security/2014/07/09/13 (nvd: Mailing List)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking)
- exchange.xforce.ibmcloud.com/vulnerabilities/94706 (nvd)
News mentions
No linked articles in our index yet.