PT-2008-4109 · Ruby Lang+3 · Ruby+11

Published

2008-06-24

Updated

2018-11-01

CVE-2008-2664

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

The rb str format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2008-2664

DSA-1612-1

DSA-1618-1

RHSA-2008:0561

RHSA-2008:0562

RHSA-2008_0561

RHSA-2026:7305

RHSA-2026:7307

RHSA-2026:8838

Affected Products

Ruby

Debian

Irb

Ruby-Devel

Ruby-Docs

Ruby-Irb

Ruby-Libs

Ruby-Mode

Ruby-Rdoc

Ruby-Ri

Ruby-Tcltk

Ubuntu

PT-2008-4109 · Ruby Lang+3 · Ruby+11

CVE-2008-2664

Weakness Enumeration

Related Identifiers

Affected Products

References · 41