CVE-2008-2376Integer Overflow or Wraparound in Ruby

CWE-189CWE-190Integer Overflow or Wraparound6 documents6 sources
Severity
7.5HIGHNVD
EPSS
11.4%
top 6.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ruby-lang Ruby
Timeline
PublishedJul 9
Latest updateMay 1

Description

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDruby-lang/ruby1.8.6.230

🔴Vulnerability Details

2
GHSA
GHSA-f7wf-fwmg-r7g3: Integer overflow in the rb_ary_fill function in array2022-05-01
CVEList
CVE-2008-2376: Integer overflow in the rb_ary_fill function in array2008-07-09

📋Vendor Advisories

2
Ubuntu
Ruby vulnerabilities2008-10-10
Red Hat
ruby: integer overflows in rb_ary_fill() / Array#fill2008-07-01

💬Community

1
Bugzilla
CVE-2008-2376 ruby: integer overflows in rb_ary_fill() / Array#fill2008-07-01
CVE-2008-2376 — Integer Overflow or Wraparound in Ruby | cvebase