CVE-2008-2725Integer Overflow or Wraparound in Ruby

CWE-190Integer Overflow or Wraparound11 documents6 sources
Severity
7.8HIGHNVD
CNA10.0
EPSS
2.5%
top 14.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Ruby-lang RubyCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedJun 24
Latest updateMay 1

Description

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDruby-lang/ruby1.8.51.8.5.231+3

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.04, 7.10, 8.04

Patches

Patch: www.ruby-lang.orgPatch: www.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-924x-9756-qq8p: Integer overflow in the (1) rb_ary_splice function in Ruby 12022-05-01
CVEList
CVE-2008-2725: Integer overflow in the (1) rb_ary_splice function in Ruby 12008-06-24

📋Vendor Advisories

5
Ubuntu
Ruby vulnerabilities2008-06-26
Red Hat
ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N2008-06-20
Red Hat
ruby: Integer overflows in rb_str_buf_append()2008-06-20
Red Hat
ruby: Unsafe use of alloca in rb_str_format()2008-06-20
Red Hat
ruby: Integer overflows in rb_ary_store()2008-06-20

💬Community

3
Bugzilla
CVE-2008-2725 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N2008-06-17
Bugzilla
CVE-2008-2727 ruby: integer overflow in rb_ary_replace() (ruby-1.6.x) - REALLOC_N2008-06-17
Bugzilla
CVE-2008-2728 ruby: integer overflow in rb_ary_replace() (ruby-1.6.x) - beg + rlen2008-06-17
CVE-2008-2725 — Integer Overflow or Wraparound in Ruby | cvebase