CVE-2011-0188Ruby vulnerability

CWE-1896 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
1.9%
top 16.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ruby-lang Ruby
Timeline
PublishedMar 23
Latest updateMay 17

Description

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDruby-lang/ruby1.9.2-p136+9

Patches

Patch: lists.apple.comPatch: support.apple.comPatch: svn.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-6vch-6cgr-x9c3: The VpMemAlloc function in bigdecimal2022-05-17
CVEList
CVE-2011-0188: The VpMemAlloc function in bigdecimal2011-03-23

📋Vendor Advisories

2
Ubuntu
Ruby vulnerabilities2012-02-28
Red Hat
ruby: memory corruption in BigDecimal on 64bit platforms2011-03-01

💬Community

1
Bugzilla
CVE-2011-0188 ruby: memory corruption in BigDecimal on 64bit platforms2011-03-04
CVE-2011-0188 — Ruby-lang Ruby vulnerability | cvebase