7.8

CVE-2008-2725

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langRuby Version <= 1.8.4
Ruby-langRuby Version >= 1.8.5 < 1.8.5.231
Ruby-langRuby Version >= 1.8.6 < 1.8.6.230
Ruby-langRuby Version >= 1.8.7 < 1.8.7.22
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.7% 0.883
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/30802
Third Party Advisory
http://support.apple.com/kb/HT2163
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1981/references
Third Party Advisory
http://secunia.com/advisories/31090
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Third Party Advisory
http://secunia.com/advisories/31687
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
Third Party Advisory
http://secunia.com/advisories/30831
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
Third Party Advisory
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
Patch
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
Third Party Advisory
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
Third Party Advisory
http://secunia.com/advisories/30867
Third Party Advisory
http://secunia.com/advisories/30875
Third Party Advisory
http://secunia.com/advisories/30894
Third Party Advisory
http://secunia.com/advisories/31062
Third Party Advisory
http://secunia.com/advisories/31181
Third Party Advisory
http://secunia.com/advisories/31256
Third Party Advisory
http://secunia.com/advisories/33178
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-17.xml
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
Third Party Advisory
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
Broken Link
http://www.debian.org/security/2008/dsa-1612
Third Party Advisory
http://www.debian.org/security/2008/dsa-1618
Third Party Advisory
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0561.html
Third Party Advisory
http://www.ruby-forum.com/topic/157034
Third Party Advisory
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
Third Party Advisory
http://www.securityfocus.com/archive/1/493688/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/29903
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020347
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-621-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1907/references
Third Party Advisory
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
Broken Link
https://issues.rpath.com/browse/RPL-2626
Broken Link
http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/43350
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606
Third Party Advisory