PT-2008-4170 · Ruby+1

Published 2008-06-24 · Updated 2018-11-01 · CVE-2008-2726

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Ruby versions 1.6.x
Ruby versions 1.8.4 and earlier
Ruby versions 1.8.5 through 1.8.5-p230
Ruby versions 1.8.6 through 1.8.6-p229
Ruby versions 1.8.7 through 1.8.7-p21
Ruby versions 1.9.0 through 1.9.0-1
Description
The issue is an integer overflow in the rb_ary_splice and rb_ary_replace functions, which can lead to memory corruption. This can be exploited by context-dependent attackers.
Recommendations
For Ruby version 1.6.x, consider upgrading to a newer version to resolve the issue.
For Ruby versions 1.8.4 and earlier, upgrade to version 1.8.5-p231 or later.
For Ruby versions 1.8.5 through 1.8.5-p230, upgrade to version 1.8.5-p231 or later.
For Ruby versions 1.8.6 through 1.8.6-p229, upgrade to version 1.8.6-p230 or later.
For Ruby versions 1.8.7 through 1.8.7-p21, upgrade to version 1.8.7-p22 or later.
For Ruby versions 1.9.0 through 1.9.0-1, upgrade to version 1.9.0-2 or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2008-2726
DSA-1612-1
DSA-1618-1
RHSA-2008:0561
RHSA-2008:0562
RHSA-2008_0561
RHSA-2026:7305
RHSA-2026:7307
RHSA-2026:8838

Affected Products

Red Hat
Ruby