oss-sec mailing list archives

Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes)
From: cve-assign () mitre org
Date: Thu, 17 Jul 2014 14:48:21 -0400 (EDT)

Use CVE-2014-4975 for the issue that was fixed in:

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778

This is an issue that is mentioned in:

  https://bugs.ruby-lang.org/issues/10019

but no final information is yet available about whether this is the
same as the issue specified by the Description section of Bug #10019.
At this point, it seems likely that that Description section will be
mapped to a different CVE ID for a vulnerability related to pack("m0")
calls.

Note that, within the two references above, the CVE-2014-4975 issue is
referred to by all of these terms:

  - the off-by-one issue
  - the off-by-one overflow
  - the pack.c encodes buffer overrun fixed in Revision 46778

Those three phrases above refer to the same issue.

The issue that doesn't have a CVE ID might be referred to by all of
these terms:

  - the issue from the Bug #10019 Description section
  - the issue from the reporter
  - the original Will Wood report
  - the issue reported for an AWS sample
  - the issue involving the aws-sdk gem or its dependencies
  - the issue involving pack("m0") calls

Finally, just to clarify, the issue that doesn't have a CVE ID is also
called "buffer overrun in pack.c (encodes)" but this might or might
not be the same as "the pack.c encodes buffer overrun fixed in
Revision 46778."

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]