CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

Affected Software

Name	Vendor	Start Version	End Version
Opensuse	Opensuse	12.3	12.3
Opensuse	Opensuse	13.1	13.1
Red Hat Enterprise Linux 6	RedHat	ruby-0:1.8.7.374-3.el6_6	*
Red Hat Enterprise Linux 7	RedHat	ruby-0:2.0.0.353-22.el7_0	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6	RedHat	ruby193-ruby-0:1.9.3.484-50.el6	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6	RedHat	ruby200-ruby-0:2.0.0.353-24.el6	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS	RedHat	ruby193-ruby-0:1.9.3.484-50.el6	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS	RedHat	ruby200-ruby-0:2.0.0.353-24.el6	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS	RedHat	ruby193-ruby-0:1.9.3.484-50.el6	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS	RedHat	ruby200-ruby-0:2.0.0.353-24.el6	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS	RedHat	ruby193-ruby-0:1.9.3.484-50.el6	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS	RedHat	ruby200-ruby-0:2.0.0.353-24.el6	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7	RedHat	ruby193-ruby-0:1.9.3.484-50.el7	*
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7	RedHat	ruby200-ruby-0:2.0.0.353-24.el7	*
Ruby1.8	Ubuntu	lucid	*
Ruby1.8	Ubuntu	precise	*
Ruby1.9	Ubuntu	lucid	*
Ruby1.9.1	Ubuntu	lucid	*
Ruby1.9.1	Ubuntu	precise	*
Ruby1.9.1	Ubuntu	trusty	*
Ruby1.9.1	Ubuntu	utopic	*
Ruby1.9.1	Ubuntu	vivid	*
Ruby2.0	Ubuntu	trusty	*
Ruby2.0	Ubuntu	utopic	*
Ruby2.1	Ubuntu	devel	*
Ruby2.1	Ubuntu	utopic	*
Ruby2.1	Ubuntu	vivid	*
Ruby2.1	Ubuntu	wily	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-8080
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References