QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2662

Published: Jun 24, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SR:2008:017

vendor-advisory

x_refsource_SUSE

http://support.apple.com/kb/HT2163

x_refsource_CONFIRM

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

x_refsource_MISC

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

20080626 rPSA-2008-0206-1 ruby

mailing-list

x_refsource_BUGTRAQ

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

x_refsource_MISC

SSA:2008-179-01

vendor-advisory

x_refsource_SLACKWARE

APPLE-SA-2008-06-30

vendor-advisory

x_refsource_APPLE

vdb-entry

x_refsource_SECTRACK

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

x_refsource_MISC

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

x_refsource_CONFIRM

oval:org.mitre.oval:def:11601

vdb-entry

signature

x_refsource_OVAL

FEDORA-2008-5649

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

ruby-rbstrbufappend-code-execution(43345)

vdb-entry

x_refsource_XF

https://issues.rpath.com/browse/RPL-2626

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

x_refsource_CONFIRM

http://www.ruby-forum.com/topic/157034

x_refsource_MISC

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.