CVE - CVE-2008-2376

CVE-ID
CVE-2008-2376	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20080708 rPSA-2008-0218-1 ruby URL:http://www.securityfocus.com/archive/1/494104/100/0/threaded MISC:30927 URL:http://secunia.com/advisories/30927 MISC:31006 URL:http://secunia.com/advisories/31006 MISC:31062 URL:http://secunia.com/advisories/31062 MISC:31090 URL:http://secunia.com/advisories/31090 MISC:31181 URL:http://secunia.com/advisories/31181 MISC:31256 URL:http://secunia.com/advisories/31256 MISC:32219 URL:http://secunia.com/advisories/32219 MISC:33178 URL:http://secunia.com/advisories/33178 MISC:ADV-2008-2584 URL:~~http://www.vupen.com/english/advisories/2008/2584~~ (Obsolete source) MISC:APPLE-SA-2008-09-15 URL:http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html MISC:DSA-1612 URL:http://www.debian.org/security/2008/dsa-1612 MISC:DSA-1618 URL:http://www.debian.org/security/2008/dsa-1618 MISC:FEDORA-2008-6033 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html MISC:FEDORA-2008-6094 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html MISC:GLSA-200812-17 URL:http://security.gentoo.org/glsa/glsa-200812-17.xml MISC:MDVSA-2008:140 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:140~~ (Obsolete source) MISC:MDVSA-2008:141 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:141~~ (Obsolete source) MISC:MDVSA-2008:142 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:142~~ (Obsolete source) MISC:RHSA-2008:0561 URL:http://www.redhat.com/support/errata/RHSA-2008-0561.html MISC:TA08-260A URL:http://www.us-cert.gov/cas/techalerts/TA08-260A.html MISC:USN-651-1 URL:https://usn.ubuntu.com/651-1/ MISC:[oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill) URL:http://www.openwall.com/lists/oss-security/2008/07/02/3 MISC:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756 URL:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756 MISC:http://wiki.rpath.com/Advisories:rPSA-2008-0218 URL:http://wiki.rpath.com/Advisories:rPSA-2008-0218 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218 MISC:https://issues.rpath.com/browse/RPL-2639 URL:https://issues.rpath.com/browse/RPL-2639 MISC:oval:org.mitre.oval:def:9863 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863
Assigning CNA
Red Hat, Inc.
Date Record Created
20080521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)