PT-2008-4108 · Ruby Lang+3 · Ruby+11

Drew Yao

Published

2008-06-24

Updated

2018-11-01

CVE-2008-2663

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple integer overflows in the rb ary store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2008-2663

DSA-1612-1

DSA-1618-1

RHSA-2008:0561

RHSA-2008:0562

RHSA-2008_0561

RHSA-2026:7305

RHSA-2026:7307

RHSA-2026:8838

Affected Products

Ruby

Debian

Irb

Ruby-Devel

Ruby-Docs

Ruby-Irb

Ruby-Libs

Ruby-Mode

Ruby-Rdoc

Ruby-Ri

Ruby-Tcltk

Ubuntu

PT-2008-4108 · Ruby Lang+3 · Ruby+11

CVE-2008-2663

Weakness Enumeration

Related Identifiers

Affected Products

References · 41