ruby

  • Author: kikadf
  • Vulnerable: 1.9.2-2
  • Unaffected: 1.9.2-3arcturus1

Off-by-one error in the encodes function in pack.c, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion.

CVEs: