CVE-2008-2662 in Rubyinfo

Summary

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/10/2008

Disclosure

06/24/2008

Moderation

VulDB entry created

Entries

VDB-42881 (1)

CPE

ready

CWE

CWE-189 (Confirmed)

CVSS

10.0

EPSS

0.02771

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-2662
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-2662
CVE Details	https://www.cvedetails.com/cve/CVE-2008-2662/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!