7.8
CVE-2008-2664
- EPSS 4.28%
- Veröffentlicht 24.06.2008 19:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version7.04
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.28% | 0.898 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://secunia.com/advisories/30802
http://support.apple.com/kb/HT2163
http://www.vupen.com/english/advisories/2008/1981/references
http://secunia.com/advisories/31090
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/31687
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
http://secunia.com/advisories/30831
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
http://secunia.com/advisories/30867
http://secunia.com/advisories/30875
http://secunia.com/advisories/30894
http://secunia.com/advisories/31062
http://secunia.com/advisories/31181
http://secunia.com/advisories/31256
http://secunia.com/advisories/33178
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
http://www.debian.org/security/2008/dsa-1612
http://www.debian.org/security/2008/dsa-1618
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
http://www.redhat.com/support/errata/RHSA-2008-0561.html
http://www.ruby-forum.com/topic/157034
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
http://www.securityfocus.com/archive/1/493688/100/0/threaded
http://www.securityfocus.com/bid/29903
http://www.securitytracker.com/id?1020347
http://www.ubuntu.com/usn/usn-621-1
http://www.vupen.com/english/advisories/2008/1907/references
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
https://issues.rpath.com/browse/RPL-2626
https://exchange.xforce.ibmcloud.com/vulnerabilities/43348
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646