CVE-2013-4164

MEDIUM Year: 2013
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-119
View all →

Vulnerability Description

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

Related Vulnerabilities

CVE-2015-0565

CRITICAL
CVSS:10.0(Critical)

NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.

CWE-1192015

CVE-2015-8459

CRITICAL
CVSS:10.0(Critical)

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe A...

CWE-1192015

CVE-2015-8659

CRITICAL
CVSS:10.0(Critical)

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

CWE-1192015

CVE-2016-1931

CRITICAL
CVSS:10.0(Critical)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exec...

CWE-1192016

CVE-2016-8352

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20...

CWE-1192016

CVE-2017-10920

CRITICAL
CVSS:10.0(Critical)

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denia...

CWE-1192017