CVE Vulnerabilities

CVE-2014-8080

Published: Nov 03, 2014 | Modified: Oct 30, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V2: 4.3 MODERATE (AV:N/AC:M/Au:N/C:N/I:N/A:P)
RedHat/V3:
Ubuntu: MEDIUM

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Opensuse | Opensuse | 12.3 (including) | 12.3 (including) |
| Opensuse | Opensuse | 13.1 (including) | 13.1 (including) |
| Red Hat Enterprise Linux 6 | RedHat | ruby-0:1.8.7.374-3.el6_6 | * |
| Red Hat Enterprise Linux 7 | RedHat | ruby-0:2.0.0.353-22.el7_0 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | RedHat | ruby193-ruby-0:1.9.3.484-50.el6 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | RedHat | ruby200-ruby-0:2.0.0.353-24.el6 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | RedHat | ruby193-ruby-0:1.9.3.484-50.el6 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | RedHat | ruby200-ruby-0:2.0.0.353-24.el6 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | RedHat | ruby193-ruby-0:1.9.3.484-50.el6 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | RedHat | ruby200-ruby-0:2.0.0.353-24.el6 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS | RedHat | ruby193-ruby-0:1.9.3.484-50.el6 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS | RedHat | ruby200-ruby-0:2.0.0.353-24.el6 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 | RedHat | ruby193-ruby-0:1.9.3.484-50.el7 | * |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 | RedHat | ruby200-ruby-0:2.0.0.353-24.el7 | * |
| Ruby1.8 | Ubuntu | lucid | * |
| Ruby1.8 | Ubuntu | precise | * |
| Ruby1.9 | Ubuntu | lucid | * |
| Ruby1.9.1 | Ubuntu | lucid | * |
| Ruby1.9.1 | Ubuntu | precise | * |
| Ruby1.9.1 | Ubuntu | trusty | * |
| Ruby1.9.1 | Ubuntu | utopic | * |
| Ruby1.9.1 | Ubuntu | vivid | * |
| Ruby2.0 | Ubuntu | trusty | * |
| Ruby2.0 | Ubuntu | utopic | * |
| Ruby2.1 | Ubuntu | devel | * |
| Ruby2.1 | Ubuntu | utopic | * |
| Ruby2.1 | Ubuntu | vivid | * |
| Ruby2.1 | Ubuntu | wily | * |

References