PT-2008-4108 · Ruby Lang+3 · Ruby+11

Drew Yao

Publicado

2008-06-24

Atualizado

2018-11-01

CVE-2008-2663

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple integer overflows in the rb ary store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

CVE-2008-2663

DSA-1612-1

DSA-1618-1

RHSA-2008:0561

RHSA-2008:0562

RHSA-2008_0561

RHSA-2026:7305

RHSA-2026:7307

RHSA-2026:8838

Produtos afetados

Ruby

Debian

Irb

Ruby-Devel

Ruby-Docs

Ruby-Irb

Ruby-Libs

Ruby-Mode

Ruby-Rdoc

Ruby-Ri

Ruby-Tcltk

Ubuntu

PT-2008-4108 · Ruby Lang+3 · Ruby+11

CVE-2008-2663

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 41