CVE-2011-0188

Published: Mar 23, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

RHSA-2011:0910 (vendor-advisory, x_refsource_REDHAT)
1025236 (vdb-entry, x_refsource_SECTRACK)
MDVSA-2011:098 (vendor-advisory, x_refsource_MANDRIVA)
RHSA-2011:0909 (vendor-advisory, x_refsource_REDHAT)
APPLE-SA-2011-03-21-1 (vendor-advisory, x_refsource_APPLE)
RHSA-2011:0908 (vendor-advisory, x_refsource_REDHAT)
MDVSA-2011:097 (vendor-advisory, x_refsource_MANDRIVA)
