Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-2726

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-24 Jun, 2008 | 19:00
Updated At-07 Aug, 2024 | 09:14
Rejected At-
Credits

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:24 Jun, 2008 | 19:00
Updated At:07 Aug, 2024 | 09:14
Rejected At:
▼CVE Numbering Authority (CNA)

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
vendor-advisory
x_refsource_SUSE
http://support.apple.com/kb/HT2163
x_refsource_CONFIRM
http://secunia.com/advisories/31090
third-party-advisory
x_refsource_SECUNIA
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/30875
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1981/references
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/43351
vdb-entry
x_refsource_XF
http://www.vupen.com/english/advisories/2008/1907/references
vdb-entry
x_refsource_VUPEN
http://www.debian.org/security/2008/dsa-1618
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/31687
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30894
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/31062
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/31256
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/493688/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
x_refsource_MISC
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
vendor-advisory
x_refsource_SLACKWARE
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
vendor-advisory
x_refsource_APPLE
http://www.securitytracker.com/id?1020347
vdb-entry
x_refsource_SECTRACK
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
x_refsource_MISC
http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
mailing-list
x_refsource_MLIST
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
x_refsource_CONFIRM
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
vendor-advisory
x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/30802
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30831
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959
vdb-entry
signature
x_refsource_OVAL
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0561.html
vendor-advisory
x_refsource_REDHAT
https://issues.rpath.com/browse/RPL-2626
x_refsource_CONFIRM
http://www.debian.org/security/2008/dsa-1612
vendor-advisory
x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-200812-17.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/33178
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/29903
vdb-entry
x_refsource_BID
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
x_refsource_MISC
http://secunia.com/advisories/30867
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
vendor-advisory
x_refsource_MANDRIVA
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
x_refsource_CONFIRM
http://www.ruby-forum.com/topic/157034
x_refsource_MISC
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
x_refsource_MISC
http://www.ubuntu.com/usn/usn-621-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/31181
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://support.apple.com/kb/HT2163
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/31090
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
Resource:
x_refsource_MISC
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/30875
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2008/1981/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43351
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2008/1907/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.debian.org/security/2008/dsa-1618
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/31687
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30894
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/31062
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/31256
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/493688/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
Resource:
x_refsource_MISC
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securitytracker.com/id?1020347
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
Resource:
x_refsource_MISC
Hyperlink: http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/30802
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30831
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0561.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://issues.rpath.com/browse/RPL-2626
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2008/dsa-1612
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://security.gentoo.org/glsa/glsa-200812-17.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/33178
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/29903
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/30867
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ruby-forum.com/topic/157034
Resource:
x_refsource_MISC
Hyperlink: http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
Resource:
x_refsource_MISC
Hyperlink: http://www.ubuntu.com/usn/usn-621-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/31181
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://support.apple.com/kb/HT2163
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/31090
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
x_refsource_MISC
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/30875
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2008/1981/references
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/43351
vdb-entry
x_refsource_XF
x_transferred
http://www.vupen.com/english/advisories/2008/1907/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.debian.org/security/2008/dsa-1618
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/31687
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30894
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/31062
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/31256
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/493688/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
x_refsource_MISC
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securitytracker.com/id?1020347
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
x_refsource_MISC
x_transferred
http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
mailing-list
x_refsource_MLIST
x_transferred
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
x_refsource_CONFIRM
x_transferred
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/30802
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30831
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0561.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://issues.rpath.com/browse/RPL-2626
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2008/dsa-1612
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://security.gentoo.org/glsa/glsa-200812-17.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/33178
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/29903
vdb-entry
x_refsource_BID
x_transferred
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
x_refsource_MISC
x_transferred
http://secunia.com/advisories/30867
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
x_refsource_CONFIRM
x_transferred
http://www.ruby-forum.com/topic/157034
x_refsource_MISC
x_transferred
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
x_refsource_MISC
x_transferred
http://www.ubuntu.com/usn/usn-621-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/31181
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://support.apple.com/kb/HT2163
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/31090
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/30875
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1981/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43351
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1907/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1618
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/31687
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30894
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/31062
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/31256
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/493688/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securitytracker.com/id?1020347
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/30802
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30831
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0561.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-2626
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1612
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200812-17.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/33178
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/29903
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/30867
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ruby-forum.com/topic/157034
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-621-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/31181
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:24 Jun, 2008 | 19:41
Updated At:01 Nov, 2018 | 15:07

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Ruby
ruby-lang
>>ruby>>Versions up to 1.8.4(inclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>Versions from 1.8.5(inclusive) to 1.8.5.231(exclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>Versions from 1.8.6(inclusive) to 1.8.6.230(exclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>Versions from 1.8.7(inclusive) to 1.8.7.22(exclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>Versions from 1.9.0(inclusive) to 1.9.0.2(exclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.10
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/secalert@redhat.com
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlsecalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/30802secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/30831secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/30867secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/30875secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/30894secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31062secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31090secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31181secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31256secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31687secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/33178secalert@redhat.com
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-17.xmlsecalert@redhat.com
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562secalert@redhat.com
Third Party Advisory
http://support.apple.com/kb/HT2163secalert@redhat.com
Third Party Advisory
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460secalert@redhat.com
Vendor Advisory
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilitiessecalert@redhat.com
Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206secalert@redhat.com
Broken Link
http://www.debian.org/security/2008/dsa-1612secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2008/dsa-1618secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142secalert@redhat.com
Third Party Advisory
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/secalert@redhat.com
Third Party Advisory
http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.htmlsecalert@redhat.com
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0561.htmlsecalert@redhat.com
Third Party Advisory
http://www.ruby-forum.com/topic/157034secalert@redhat.com
Third Party Advisory
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/secalert@redhat.com
Patch
Vendor Advisory
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.htmlsecalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/archive/1/493688/100/0/threadedsecalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/29903secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020347secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-621-1secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1907/referencessecalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1981/referencessecalert@redhat.com
Third Party Advisory
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.htmlsecalert@redhat.com
Broken Link
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657secalert@redhat.com
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43351secalert@redhat.com
Third Party Advisory
VDB Entry
https://issues.rpath.com/browse/RPL-2626secalert@redhat.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959secalert@redhat.com
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.htmlsecalert@redhat.com
Third Party Advisory
Hyperlink: http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30802
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30831
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30867
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30875
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30894
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31062
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31090
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31181
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31256
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31687
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/33178
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200812-17.xml
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT2163
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2008/dsa-1612
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2008/dsa-1618
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0561.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ruby-forum.com/topic/157034
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/493688/100/0/threaded
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/29903
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1020347
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-621-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/1907/references
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/1981/references
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43351
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://issues.rpath.com/browse/RPL-2626
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
Source: secalert@redhat.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

157Records found
CVE-2007-6523
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.35% / 79.29%
||
7 Day CHG~0.00%
Published-24 Dec, 2007 | 20:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-189
Not Available
CWE ID-CWE-399
Not Available
CVE-2007-5558
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.70% / 81.50%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 20:00
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Action-Not Available
Vendor-lg_electronicsn/a
Product-lg_mobile_handsetn/a
CWE ID-CWE-189
Not Available
CVE-2007-6276
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-14.00% / 94.08%
||
7 Day CHG~0.00%
Published-07 Dec, 2007 | 11:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-189
Not Available
CVE-2007-4347
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.8||HIGH
EPSS-1.35% / 79.32%
||
7 Day CHG~0.00%
Published-29 Nov, 2007 | 23:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-backupexec_system_recoveryn/a
CWE ID-CWE-189
Not Available
CVE-2007-3642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.06% / 83.16%
||
7 Day CHG~0.00%
Published-10 Jul, 2007 | 01:00
Updated-07 Aug, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-189
Not Available
CVE-2006-4517
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.99% / 82.88%
||
7 Day CHG~0.00%
Published-01 Nov, 2006 | 15:00
Updated-07 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aNovell
Product-imanagern/a
CWE ID-CWE-189
Not Available
CWE ID-CWE-399
Not Available
CVE-2008-3135
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.48% / 80.23%
||
7 Day CHG~0.00%
Published-10 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block.

Action-Not Available
Vendor-secretwarsn/a
Product-soldner_secret_warsn/a
CWE ID-CWE-189
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found