cbcvebase.
CVE-2011-0188
published 2011-03-23

CVE-2011-0188: The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms…

PriorityP429medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
3.02%
85.8th percentile
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

Affected

10 ranges
VendorProductVersion rangeFixed in
ruby-langruby<= 1.9.2-p136
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat6.8MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.