CVE-2011-0188

Published: 23/03/2011 Updated: 24/08/2011
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and previous versions, as used on Apple Mac OS X prior to 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent malicious users to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

Vulnerable Product

ruby-lang ruby 1.9.1

ruby-lang ruby 1.9.2

ruby-lang ruby 1.9.0-20060415

ruby-lang ruby

ruby-lang ruby 1.9.0-0

ruby-lang ruby 1.9

ruby-lang ruby 1.9.0-20070709

ruby-lang ruby 1.9.0-1

ruby-lang ruby 1.9.0

ruby-lang ruby 1.9.0-2

Vendor Advisories

Several security issues were fixed in ruby18 ...