GCVE - cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*

part: a version: 2.1 update: preview1

Vendor	Ruby Lang (`5813a634-c286-5f1d-90d5-a1a352f78d39`)
Product	Ruby (`48f7c14c-c576-5b15-be87-22eeb9add91e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/ruby/ruby`	purl2cpe	2026-06-01 10:11:45.610090
`pkg:ruby-lang/ruby`	purl2cpe	2026-06-01 10:11:45.610091

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-4975`	vulnerable	2026-06-03 14:34:05.114577	Details available Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. Published: 2014-11-15T20:00:00.000Z Updated: 2024-08-06T11:34:36.647Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2014/07/09/13 http://rhn.redhat.com/errata/RHSA-2014-1912.html http://www.securityfocus.com/bid/68474 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://rhn.redhat.com/errata/RHSA-2014-1913.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2734`	vulnerable	2026-06-03 14:33:51.760268	Details available The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher Published: 2014-04-24T23:00:00.000Z Updated: 2024-08-06T10:21:36.074Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html http://www.osvdb.org/106006 https://news.ycombinator.com/item?id=7601973 http://www.securityfocus.com/bid/66956 http://seclists.org/fulldisclosure/2014/May/13	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4164`	vulnerable	2026-06-03 14:33:10.041412	Details available Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Published: 2013-11-23T19:00:00.000Z Updated: 2024-08-06T16:30:50.071Z Open on db.gcve.eu Reference links https://puppet.com/security/cve/cve-2013-4164 http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html http://www.ubuntu.com/usn/USN-2035-1 http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.