CVE-2008-2376 - Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context

CVE-2008-2376

Summary

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.

References

Vulnerable Configurations

cpe:2.3:o:redhat:fedora_8:1.8.6.230:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_8:1.8.6.230:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.6.230:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.6.230:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 13-02-2023 - 02:19)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2013-04-29T04:22:51.987-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9863

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2008:0561

rpms

irb-0:1.8.1-7.el4_6.1
ruby-0:1.8.1-7.el4_6.1
ruby-0:1.8.5-5.el5_2.3
ruby-debuginfo-0:1.8.1-7.el4_6.1
ruby-debuginfo-0:1.8.5-5.el5_2.3
ruby-devel-0:1.8.1-7.el4_6.1
ruby-devel-0:1.8.5-5.el5_2.3
ruby-docs-0:1.8.1-7.el4_6.1
ruby-docs-0:1.8.5-5.el5_2.3
ruby-irb-0:1.8.5-5.el5_2.3
ruby-libs-0:1.8.1-7.el4_6.1
ruby-libs-0:1.8.5-5.el5_2.3
ruby-mode-0:1.8.1-7.el4_6.1
ruby-mode-0:1.8.5-5.el5_2.3
ruby-rdoc-0:1.8.5-5.el5_2.3
ruby-ri-0:1.8.5-5.el5_2.3
ruby-tcltk-0:1.8.1-7.el4_6.1
ruby-tcltk-0:1.8.5-5.el5_2.3
irb-0:1.6.4-6.el2
irb-0:1.6.8-12.el3
ruby-0:1.6.4-6.el2
ruby-0:1.6.8-12.el3
ruby-debuginfo-0:1.6.8-12.el3
ruby-devel-0:1.6.4-6.el2
ruby-devel-0:1.6.8-12.el3
ruby-docs-0:1.6.4-6.el2
ruby-docs-0:1.6.8-12.el3
ruby-libs-0:1.6.4-6.el2
ruby-libs-0:1.6.8-12.el3
ruby-mode-0:1.6.8-12.el3
ruby-tcltk-0:1.6.4-6.el2
ruby-tcltk-0:1.6.8-12.el3

refmap via4

apple	APPLE-SA-2008-09-15
bugtraq	20080708 rPSA-2008-0218-1 ruby
cert	TA08-260A
confirm	http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756 http://wiki.rpath.com/Advisories:rPSA-2008-0218 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218 https://issues.rpath.com/browse/RPL-2639
debian	DSA-1612 DSA-1618
fedora	FEDORA-2008-6033 FEDORA-2008-6094
gentoo	GLSA-200812-17
mandriva	MDVSA-2008:140 MDVSA-2008:141 MDVSA-2008:142
mlist	[oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill)
secunia	30927 31006 31062 31090 31181 31256 32219 33178
ubuntu	USN-651-1
vupen	ADV-2008-2584

Last major update

13-02-2023 - 02:19

Published

09-07-2008 - 00:41

Last modified

13-02-2023 - 02:19