CVE-2008-2663Integer Overflow or Wraparound in Ruby

CWE-190Integer Overflow or Wraparound9 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.3%
top 12.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Ruby-lang RubyCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedJun 24
Latest updateMay 1

Description

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative,

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDruby-lang/ruby1.8.61.8.6.230+3

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.04, 7.10, 8.04

Patches

Patch: www.ruby-lang.orgPatch: www.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-8rh4-h2wx-5jpx: Multiple integer overflows in the rb_ary_store function in Ruby 12022-05-01
CVEList
CVE-2008-2663: Multiple integer overflows in the rb_ary_store function in Ruby 12008-06-24

📋Vendor Advisories

5
Ubuntu
Ruby vulnerabilities2008-06-26
Red Hat
ruby: Integer overflows in rb_ary_store()2008-06-20
Red Hat
ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N2008-06-20
Red Hat
ruby: Integer overflows in rb_str_buf_append()2008-06-20
Red Hat
ruby: Unsafe use of alloca in rb_str_format()2008-06-20

💬Community

1
Bugzilla
CVE-2008-2663 ruby: Integer overflows in rb_ary_store()2008-06-11
CVE-2008-2663 — Integer Overflow or Wraparound in Ruby | cvebase