CVE-2008-2662Integer Overflow or Wraparound in Ruby

CWE-189CWE-190Integer Overflow or Wraparound9 documents6 sources
Severity
10.0CRITICALNVD
EPSS
2.8%
top 13.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Ruby-lang RubyCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedJun 24
Latest updateMay 1

Description

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDruby-lang/ruby1.8.61.8.6.230+4

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.04, 7.10, 8.04

Patches

Patch: www.ruby-lang.orgPatch: www.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-6wwf-x53r-5qqq: Multiple integer overflows in the rb_str_buf_append function in Ruby 12022-05-01
CVEList
CVE-2008-2662: Multiple integer overflows in the rb_str_buf_append function in Ruby 12008-06-24

📋Vendor Advisories

5
Ubuntu
Ruby vulnerabilities2008-06-26
Red Hat
ruby: Integer overflows in rb_str_buf_append()2008-06-20
Red Hat
ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N2008-06-20
Red Hat
ruby: Unsafe use of alloca in rb_str_format()2008-06-20
Red Hat
ruby: Integer overflows in rb_ary_store()2008-06-20

💬Community

1
Bugzilla
CVE-2008-2662 ruby: Integer overflows in rb_str_buf_append()2008-06-11
CVE-2008-2662 — Integer Overflow or Wraparound in Ruby | cvebase