
CVE-2008-2376

Published: 09/07/2008 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent malicious users to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.

Vulnerable Product

ruby-lang ruby 1.8.6.230

Vendor Advisories

Akira Tagoh discovered a vulnerability in Ruby which led to an integer overflow. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2376) ...
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2662: Drew Yao discovered that multiple integer overflows in the string processing code ma ...

References