10

CVE-2008-2662

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Data is provided by the National Vulnerability Database (NVD)
Ruby-langRuby Version <= 1.8.4
Ruby-langRuby Version > 1.8.5 < 1.8.5.231
Ruby-langRuby Version >= 1.8.6 < 1.8.6.230
Ruby-langRuby Version >= 1.8.7 < 1.8.7.22
Ruby-langRuby Version >= 1.9.0 < 1.9.0.2
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.81% 0.823
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
http://www.securityfocus.com/bid/29903
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020347
Third Party Advisory
VDB Entry