7.8

CVE-2008-2664

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langRuby Version <= 1.8.4
Ruby-langRuby Version > 1.8.5 < 1.8.5.231
Ruby-langRuby Version >= 1.8.6 < 1.8.6.230
Ruby-langRuby Version >= 1.8.7 < 1.8.7.22
Ruby-langRuby Version >= 1.9.0 < 1.9.0.2
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.28% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/30802
Third Party Advisory
http://support.apple.com/kb/HT2163
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1981/references
Third Party Advisory
http://secunia.com/advisories/31090
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Third Party Advisory
http://secunia.com/advisories/31687
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
Third Party Advisory
http://secunia.com/advisories/30831
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
Third Party Advisory
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
Patch
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
Third Party Advisory
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
Third Party Advisory
http://secunia.com/advisories/30867
Third Party Advisory
http://secunia.com/advisories/30875
Third Party Advisory
http://secunia.com/advisories/30894
Third Party Advisory
http://secunia.com/advisories/31062
Third Party Advisory
http://secunia.com/advisories/31181
Third Party Advisory
http://secunia.com/advisories/31256
Third Party Advisory
http://secunia.com/advisories/33178
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-17.xml
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
Third Party Advisory
Mailing List
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
Broken Link
http://www.debian.org/security/2008/dsa-1612
Third Party Advisory
http://www.debian.org/security/2008/dsa-1618
Third Party Advisory
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0561.html
Third Party Advisory
http://www.ruby-forum.com/topic/157034
Third Party Advisory
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
Third Party Advisory
http://www.securityfocus.com/archive/1/493688/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/29903
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020347
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-621-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1907/references
Third Party Advisory
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
Broken Link
https://issues.rpath.com/browse/RPL-2626
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/43348
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646
Third Party Advisory