CVE-2011-0188
published 2011-03-23CVE-2011-0188: The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms…
PriorityP429medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
3.02%
85.8th percentile
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | <= 1.9.2-p136 | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat6.8MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2012-02-28·CVSS 4.3
CVE-2010-0541 [MEDIUM] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in ruby1.8.
Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site
scripting attacks when displaying error pages. A remote attacker could use this
flaw to run arbitrary web script. (CVE-2010-0541)
Drew Yao discovered that Ruby's BigDecimal module did not properly allocate
memory on 64-bit platforms. An attacker could use this flaw to cause a denial
of service or possibly execute arbitrary code with user privileges.
(CVE-2011-0188)
Nicholas Jefferson discovered that the FileUtils.remove_entry_secure method in
Ruby did not properly remove non-empty directories. An attacker could use this
flaw to possibly delete arbitrary files. (CVE-2011-1004)
It was discovered that Ruby incorrectly allowed un
Red Hat
ruby: memory corruption in BigDecimal on 64bit platforms
vendor_redhat·2011-03-01·CVSS 6.8
CVE-2011-0188 [MEDIUM] ruby: memory corruption in BigDecimal on 64bit platforms
ruby: memory corruption in BigDecimal on 64bit platforms
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
GHSA
GHSA-6vch-6cgr-x9c3: The VpMemAlloc function in bigdecimal
ghsa_unreviewed·2022-05-17
CVE-2011-0188 [MEDIUM] GHSA-6vch-6cgr-x9c3: The VpMemAlloc function in bigdecimal
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
No detection rules found.
No public exploits indexed.
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://support.apple.com/kb/HT4581http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993http://www.mandriva.com/security/advisories?name=MDVSA-2011:097http://www.mandriva.com/security/advisories?name=MDVSA-2011:098http://www.redhat.com/support/errata/RHSA-2011-0908.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0909.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0910.htmlhttp://www.securitytracker.com/id?1025236https://bugzilla.redhat.com/show_bug.cgi?id=682332http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://support.apple.com/kb/HT4581http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993http://www.mandriva.com/security/advisories?name=MDVSA-2011:097http://www.mandriva.com/security/advisories?name=MDVSA-2011:098http://www.redhat.com/support/errata/RHSA-2011-0908.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0909.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0910.htmlhttp://www.securitytracker.com/id?1025236https://bugzilla.redhat.com/show_bug.cgi?id=682332
2011-03-23
Published