QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2725

Published: Jun 24, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SR:2008:017

vendor-advisory

x_refsource_SUSE

http://support.apple.com/kb/HT2163

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

x_refsource_MISC

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

oval:org.mitre.oval:def:9606

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_DEBIAN

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

ruby-rbarysplice-code-execution(43350)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

20080626 rPSA-2008-0206-1 ruby

mailing-list

x_refsource_BUGTRAQ

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

x_refsource_MISC

SSA:2008-179-01

vendor-advisory

x_refsource_SLACKWARE

APPLE-SA-2008-06-30

vendor-advisory

x_refsource_APPLE

vdb-entry

x_refsource_SECTRACK

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

x_refsource_MISC

[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216

mailing-list

x_refsource_MLIST

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

x_refsource_CONFIRM

https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657

x_refsource_CONFIRM

FEDORA-2008-5649

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

https://issues.rpath.com/browse/RPL-2626

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

x_refsource_CONFIRM

http://www.ruby-forum.com/topic/157034

x_refsource_MISC

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.