CVE-2014-3916 Information

Description

The str_buf_cat function in string.c in Ruby 1.9.3 2.0.0 and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

Reference

http://seclists.org/oss-sec/2014/q2/362 http://seclists.org/oss-sec/2014/q2/375 http://www.securityfocus.com/bid/67705 https://bugs.ruby-lang.org/issues/9709 https://exchange.xforce.ibmcloud.com/vulnerabilities/93505