PT-2008-4169 · Ruby Lang+3 · Ruby+11

Drew Yao

Publicado

2008-06-24

Atualizado

2018-11-01

CVE-2008-2725

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Integer overflow in the (1) rb ary splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb ary replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CVE-2008-2725

DSA-1612-1

DSA-1618-1

RHSA-2008:0561

RHSA-2008:0562

RHSA-2008_0561

RHSA-2026:7305

RHSA-2026:7307

RHSA-2026:8838

Produtos afetados

Ruby

Debian

Irb

Ruby-Devel

Ruby-Docs

Ruby-Irb

Ruby-Libs

Ruby-Mode

Ruby-Rdoc

Ruby-Ri

Ruby-Tcltk

Ubuntu

PT-2008-4169 · Ruby Lang+3 · Ruby+11

CVE-2008-2725

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 44