CVE-2008-2663
Ruby < 1.8.4, 1.8.5 < p231, 1.8.6 < p230, 1.8.7 < p22 - Integer Overflow in rb_ary_store
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References (40)
Core References
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html (Third Party Advisory; vendor-advisory; x_refsource_suse)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43346 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://support.apple.com/kb/HT2163 (Third Party Advisory; x_refsource_confirm)
http://secunia.com/advisories/31090 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities (Third Party Advisory; x_refsource_misc)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141 (Third Party Advisory; vendor-advisory; x_refsource_mandriva)
http://secunia.com/advisories/30875 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.vupen.com/english/advisories/2008/1981/references (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://www.vupen.com/english/advisories/2008/1907/references (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://www.debian.org/security/2008/dsa-1618 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://secunia.com/advisories/31687 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://secunia.com/advisories/30894 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://secunia.com/advisories/31062 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://secunia.com/advisories/31256 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.securityfocus.com/archive/1/493688/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/ (Third Party Advisory; x_refsource_misc)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524 (Third Party Advisory; vdb-entry; signature; x_refsource_oval)
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562 (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_slackware)
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_apple)
http://www.securitytracker.com/id?1020347 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html (Third Party Advisory; x_refsource_misc)
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206 (Broken Link; x_refsource_confirm)
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html (Third Party Advisory; vendor-advisory; x_refsource_fedora)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140 (Third Party Advisory; vendor-advisory; x_refsource_mandriva)
http://secunia.com/advisories/30802 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://secunia.com/advisories/30831 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.redhat.com/support/errata/RHSA-2008-0561.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://issues.rpath.com/browse/RPL-2626 (Broken Link; x_refsource_confirm)
http://www.debian.org/security/2008/dsa-1612 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://security.gentoo.org/glsa/glsa-200812-17.xml (Third Party Advisory; vendor-advisory; x_refsource_gentoo)
http://secunia.com/advisories/33178 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.securityfocus.com/bid/29903 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html (Broken Link; x_refsource_misc)
http://secunia.com/advisories/30867 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142 (Third Party Advisory; vendor-advisory; x_refsource_mandriva)
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/ (Patch, Vendor Advisory; x_refsource_confirm)
http://www.ruby-forum.com/topic/157034 (Third Party Advisory; x_refsource_misc)
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/ (Third Party Advisory; x_refsource_misc)
http://www.ubuntu.com/usn/usn-621-1 (Third Party Advisory; vendor-advisory; x_refsource_ubuntu)
http://secunia.com/advisories/31181 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
Scores
EPSS: 0.0446
EPSS Percentile: 90.2%
Details
CWE: CWE-190
Status: published
Products (6)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 7.04
canonical/ubuntu_linux 7.10
canonical/ubuntu_linux 8.04
debian/debian_linux 4.0
ruby-lang/ruby < 1.8.4
Published: Jun 24, 2008
Tracked Since: Feb 18, 2026