CVE-2008-2663
Published 2008-06-24
Priority P339 · critical · 10 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 4.46% · 90.2th percentile
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| ruby-lang | ruby | < 1.8.5.231 | 1.8.5.231 |
| ruby-lang | ruby | <= 1.8.4 | — |
| ruby-lang | ruby | >= 1.8.5 < 1.8.5.231 | 1.8.5.231 |
| ruby-lang | ruby | >= 1.8.6 < 1.8.6.230 | 1.8.6.230 |
| ruby-lang | ruby | >= 1.8.7 < 1.8.7.22 | 1.8.7.22 |
| ruby-lang | ruby | >= 1.9.0 < 1.9.0.2 | 1.9.0.2 |
CVSS provenance
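| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_ubuntu | — | 10.0 | CRITICAL | — |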
GHSA
GHSA-924x-9756-qq8p: Integer overflow in the (1) rb_ary_splice function in Ruby 1
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2008-2725 [CRITICAL] GHSA-924x-9756-qq8p: Integer overflow in the (1) rb_ary_splice function in Ruby 1
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
GHSA
GHSA-c4h6-p7gp-39x2: The rb_str_format function in Ruby 1
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2008-2664 [CRITICAL] GHSA-c4h6-p7gp-39x2: The rb_str_format function in Ruby 1
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
GHSA
GHSA-8rh4-h2wx-5jpx: Multiple integer overflows in the rb_ary_store function in Ruby 1
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2008-2663 [CRITICAL] CWE-190 GHSA-8rh4-h2wx-5jpx: Multiple integer overflows in the rb_ary_store function in Ruby 1
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
GHSA
GHSA-6wwf-x53r-5qqq: Multiple integer overflows in the rb_str_buf_append function in Ruby 1
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2008-2662 [CRITICAL] GHSA-6wwf-x53r-5qqq: Multiple integer overflows in the rb_str_buf_append function in Ruby 1
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2008-06-26·CVSS 10.0
CVE-2008-2725 [CRITICAL] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Ruby vulnerabilities
Drew Yao discovered several vulnerabilities in Ruby which lead to integer
overflows. If a user or automated system were tricked into running a
malicious script, an attacker could cause a denial of service or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)
Drew Yao discovered that Ruby did not sanitize its input when using ALLOCA.
If a user or automated system were tricked into running a malicious script,
an attacker could cause a denial of service via memory corruption.
(CVE-2008-2664)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
ruby: Integer overflows in rb_str_buf_append()
vendor_redhat·2008-06-20·CVSS 10.0
CVE-2008-2662 [CRITICAL] CWE-190 ruby: Integer overflows in rb_str_buf_append()
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
Red Hat
ruby: Unsafe use of alloca in rb_str_format()
vendor_redhat·2008-06-20·CVSS 10.0
CVE-2008-2664 [CRITICAL] ruby: Unsafe use of alloca in rb_str_format()
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Red Hat
ruby: Integer overflows in rb_ary_store()
vendor_redhat·2008-06-20·CVSS 10.0
CVE-2008-2663 [CRITICAL] CWE-190 ruby: Integer overflows in rb_ary_store()
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Red Hat
ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
vendor_redhat·2008-06-20·CVSS 10.0
CVE-2008-2725 [CRITICAL] CWE-190 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
No detection rules found.
No public exploits indexed.