CVE-2014-2734

Ruby 2.x - Signature Spoofing via OpenSSL Extension Memory State

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-2734. PoCs published by adrienthebo, gdisneyleugers.

Description

The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher.

Exploits (2)

nomisec WORKING POC 1 stars
by adrienthebo · poc
https://github.com/adrienthebo/cve-2014-2734

This PoC demonstrates a certificate signing vulnerability in OpenSSL where a CA certificate can be signed with a key that does not match its public key, exploiting CVE-2014-2734. The script uses Ruby and the OpenSSL library to show the flaw in certificate verification.

Classification: Working Poc 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: OpenSSL (versions affected by CVE-2014-2734)
No auth needed
Prerequisites: OpenSSL library · CA certificate file (ca.pem)
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP
by gdisneyleugers · poc
https://github.com/gdisneyleugers/CVE-2014-2734

This repository contains a README describing CVE-2014-2734, a vulnerability in Ruby OpenSSL where a CA private key can be spoofed if a public key is issued before the private key is written and the script is reopened. The PoC is referenced but not included in the repository.

Classification: Writeup 80%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Ruby OpenSSL
No auth needed
Prerequisites: Ruby OpenSSL environment · Specific conditions where public key is issued before private key
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/106006
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66956
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/May/13
Various Sources x_refsource_misc
https://gist.github.com/10446549
Various Sources x_refsource_misc
https://gist.github.com/emboss/91696b56cd227c8a0c13
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/231
Various Sources x_refsource_misc
https://news.ycombinator.com/item?id=7601973

Scores

EPSS 0.0535
EPSS Percentile 91.6%

Details

CWE: CWE-399
Status: published
Products (4)
ruby-lang/ruby 2.0
ruby-lang/ruby 2.0.0 (8 CPE variants)
ruby-lang/ruby 2.1 (2 CPE variants)
ruby-lang/ruby 2.1.1
Published Apr 24, 2014
Tracked Since Feb 18, 2026