Ruby-lang

Ruby

93 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 15.68%
  • Veröffentlicht 14.08.2008 23:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:50

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to ...

Exploit
  • EPSS 13.67%
  • Veröffentlicht 13.08.2008 01:41:00
  • Zuletzt bearbeitet 16.06.2026 22:56:14

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by...

Exploit
  • EPSS 70.2%
  • Veröffentlicht 13.08.2008 01:41:00
  • Zuletzt bearbeitet 16.06.2026 22:56:14

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows con...

Exploit
  • EPSS 14.09%
  • Veröffentlicht 13.08.2008 01:41:00
  • Zuletzt bearbeitet 16.06.2026 22:56:14

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended ...

  • EPSS 3.6%
  • Veröffentlicht 09.07.2008 00:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:39

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (...

  • EPSS 3.76%
  • Veröffentlicht 24.06.2008 19:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:19

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent at...

  • EPSS 3.7%
  • Veröffentlicht 24.06.2008 19:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:19

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger mem...

  • EPSS 4.28%
  • Veröffentlicht 24.06.2008 19:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:11

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related t...

  • EPSS 4.46%
  • Veröffentlicht 24.06.2008 19:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:11

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service v...

  • EPSS 4.26%
  • Veröffentlicht 24.06.2008 19:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:10

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or ...