CVE-2008-2376

Published: Jul 9, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

31090 (third-party-advisory, x_refsource_SECUNIA)
USN-651-1 (vendor-advisory, x_refsource_UBUNTU)
MDVSA-2008:141 (vendor-advisory, x_refsource_MANDRIVA)
APPLE-SA-2008-09-15 (vendor-advisory, x_refsource_APPLE)
31006 (third-party-advisory, x_refsource_SECUNIA)
FEDORA-2008-6033 (vendor-advisory, x_refsource_FEDORA)
DSA-1618 (vendor-advisory, x_refsource_DEBIAN)
TA08-260A (third-party-advisory, x_refsource_CERT)
ADV-2008-2584 (vdb-entry, x_refsource_VUPEN)
31062 (third-party-advisory, x_refsource_SECUNIA)
31256 (third-party-advisory, x_refsource_SECUNIA)
FEDORA-2008-6094 (vendor-advisory, x_refsource_FEDORA)
32219 (third-party-advisory, x_refsource_SECUNIA)
MDVSA-2008:140 (vendor-advisory, x_refsource_MANDRIVA)
oval:org.mitre.oval:def:9863 (vdb-entry, signature, x_refsource_OVAL)
RHSA-2008:0561 (vendor-advisory, x_refsource_REDHAT)
DSA-1612 (vendor-advisory, x_refsource_DEBIAN)
GLSA-200812-17 (vendor-advisory, x_refsource_GENTOO)
33178 (third-party-advisory, x_refsource_SECUNIA)
30927 (third-party-advisory, x_refsource_SECUNIA)
20080708 rPSA-2008-0218-1 ruby (mailing-list, x_refsource_BUGTRAQ)
MDVSA-2008:142 (vendor-advisory, x_refsource_MANDRIVA)
31181 (third-party-advisory, x_refsource_SECUNIA)
