Twenty Year Anniversary
Showing 1 - 10 of 10 RSS Feed

CVE-2014-8080

Status Candidate

Overview

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

Related Files

Apple Security Advisory 2015-09-30-03
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331
MD5 | 394e001ee3e97a0e28026a7e3dd1db7f
Mandriva Linux Security Advisory 2015-129
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-129 - Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Due to an incomplete fix for 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, mandriva
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 3e6643692ef3f8dbc26a63d36acc5a9d
Debian Security Advisory 3159-1
Posted Feb 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3159-1 - It was discovered that the REXML parser, part of the interpreter for the Ruby language, could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).

tags | advisory, remote, denial of service, ruby
systems | linux, debian
advisories | CVE-2014-8080, CVE-2014-8090
MD5 | 0a02a82ca6ac603efa51bc40edbdd677
Debian Security Advisory 3157-1
Posted Feb 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3157-1 - Multiple vulnerabilities were discovered in the interpreter for the Ruby language.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | d73d81cf5b01b893dcb17767e9195800
Gentoo Linux Security Advisory 201412-27
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-27 - Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. Versions less than 2.0.0_p598 are affected.

tags | advisory, denial of service, vulnerability, ruby
systems | linux, gentoo
advisories | CVE-2011-0188, CVE-2011-1004, CVE-2011-1005, CVE-2011-4815, CVE-2012-4481, CVE-2012-5371, CVE-2013-0269, CVE-2013-1821, CVE-2013-4164, CVE-2014-8080, CVE-2014-8090
MD5 | 813b38bb3f2ea9ccac81d5704af95024
Red Hat Security Advisory 2014-1914-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1914-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 0eb8d46493dde6ab962a9c6cea3a9e40
Red Hat Security Advisory 2014-1913-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1913-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 32dd5b679d826a9757290e0883176953
Red Hat Security Advisory 2014-1912-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1912-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 3274bc2cc840ebddceee2bcc8fabdb99
Red Hat Security Advisory 2014-1911-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1911-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. The CVE-2014-8090 issue was discovered by Red Hat Product Security.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2014-8080, CVE-2014-8090
MD5 | 78a9c5f874333aa5d0e55200fda9341a
Ubuntu Security Notice USN-2397-1
Posted Nov 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2397-1 - Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2014-4975, CVE-2014-8080
MD5 | 8ac610ac17e23a5965e32f8ec98a58fc
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    7 Files
  • 23
    Jun 23rd
    2 Files
  • 24
    Jun 24th
    1 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close