CVE-2008-2376
published 2008-07-09CVE-2008-2376: Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash)…
PriorityP429high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.60%
88.0th percentile
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2008-10-10·CVSS 6.8
CVE-2008-3790 [MEDIUM] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Ruby vulnerabilities
Akira Tagoh discovered a vulnerability in Ruby which lead to an integer
overflow. If a user or automated system were tricked into running a
malicious script, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-2376)
Laurent Gaffie discovered that Ruby did not properly check for memory
allocation failures. If a user or automated system were tricked into
running a malicious script, an attacker could cause a denial of
service. (CVE-2008-3443)
Keita Yamaguchi discovered several safe level vulnerabilities in Ruby.
An attacker could use this to bypass intended access restrictions.
(CVE-2008-3655)
Keita Yamaguchi discovered that WEBrick in Ruby
Red Hat
ruby: integer overflows in rb_ary_fill() / Array#fill
vendor_redhat·2008-07-01·CVSS 7.5
CVE-2008-2376 [HIGH] CWE-190 ruby: integer overflows in rb_ary_fill() / Array#fill
ruby: integer overflows in rb_ary_fill() / Array#fill
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
GHSA
GHSA-f7wf-fwmg-r7g3: Integer overflow in the rb_ary_fill function in array
ghsa_unreviewed·2022-05-01
CVE-2008-2376 [HIGH] GHSA-f7wf-fwmg-r7g3: Integer overflow in the rb_ary_fill function in array
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
No detection rules found.
No public exploits indexed.
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://secunia.com/advisories/30927http://secunia.com/advisories/31006http://secunia.com/advisories/31062http://secunia.com/advisories/31090http://secunia.com/advisories/31181http://secunia.com/advisories/31256http://secunia.com/advisories/32219http://secunia.com/advisories/33178http://security.gentoo.org/glsa/glsa-200812-17.xmlhttp://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756http://wiki.rpath.com/Advisories:rPSA-2008-0218http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218http://www.debian.org/security/2008/dsa-1612http://www.debian.org/security/2008/dsa-1618http://www.mandriva.com/security/advisories?name=MDVSA-2008:140http://www.mandriva.com/security/advisories?name=MDVSA-2008:141http://www.mandriva.com/security/advisories?name=MDVSA-2008:142http://www.openwall.com/lists/oss-security/2008/07/02/3http://www.redhat.com/support/errata/RHSA-2008-0561.htmlhttp://www.securityfocus.com/archive/1/494104/100/0/threadedhttp://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/2584https://issues.rpath.com/browse/RPL-2639https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863https://usn.ubuntu.com/651-1/https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.htmlhttp://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://secunia.com/advisories/30927http://secunia.com/advisories/31006http://secunia.com/advisories/31062http://secunia.com/advisories/31090http://secunia.com/advisories/31181http://secunia.com/advisories/31256http://secunia.com/advisories/32219http://secunia.com/advisories/33178http://security.gentoo.org/glsa/glsa-200812-17.xmlhttp://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756http://wiki.rpath.com/Advisories:rPSA-2008-0218http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218http://www.debian.org/security/2008/dsa-1612http://www.debian.org/security/2008/dsa-1618http://www.mandriva.com/security/advisories?name=MDVSA-2008:140http://www.mandriva.com/security/advisories?name=MDVSA-2008:141http://www.mandriva.com/security/advisories?name=MDVSA-2008:142http://www.openwall.com/lists/oss-security/2008/07/02/3http://www.redhat.com/support/errata/RHSA-2008-0561.htmlhttp://www.securityfocus.com/archive/1/494104/100/0/threadedhttp://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/2584https://issues.rpath.com/browse/RPL-2639https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863https://usn.ubuntu.com/651-1/https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html
2008-07-09
Published