| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Ruby 1.8.6.230. This affects the function rb_ary_fill. This manipulation causes numeric error.
This vulnerability is registered as CVE-2008-2376. No exploit is available.
You should upgrade the affected component.
Details
A vulnerability has been found in Ruby 1.8.6.230 (Programming Language Software) and classified as problematic. Affected by this vulnerability is the function rb_ary_fill. The manipulation with an unknown input leads to a numeric error vulnerability. The CWE definition for the vulnerability is CWE-189. As an impact it is known to affect availability. The summary by CVE is:
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
The bug was discovered 06/30/2008. The weakness was published 07/02/2008 by Vincenzo Iozzo with Secure Network (Website). It is possible to read the advisory at securenetwork.it. This vulnerability is known as CVE-2008-2376 since 05/21/2008. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 67716 (Oracle Linux 4 / 5 : ruby (ELSA-2008-0561)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 117264 (CentOS Security Update for Ruby (CESA-2008:0562)).
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at svn.ruby-lang.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 3 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (43681), Tenable (67716), SecurityFocus (BID 29903†), OSVDB (46691†) and Secunia (SA32219†). Similar entries are available at VDB-42885, VDB-42884, VDB-42883 and VDB-42882. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.9
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Numeric errorCWE: CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 67716
Nessus Name: Oracle Linux 4 / 5 : ruby (ELSA-2008-0561)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 61362
OpenVAS Name: Debian Security Advisory DSA 1612-1 (ruby1.8)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: svn.ruby-lang.org
Timeline
05/21/2008 🔍06/23/2008 🔍
06/30/2008 🔍
07/02/2008 🔍
07/02/2008 🔍
07/08/2008 🔍
07/08/2008 🔍
07/14/2008 🔍
07/18/2008 🔍
07/21/2008 🔍
07/12/2013 🔍
08/14/2019 🔍
Sources
Advisory: securenetwork.itResearcher: Vincenzo Iozzo
Organization: Secure Network
Status: Not defined
Confirmation: 🔍
CVE: CVE-2008-2376 (🔍)
GCVE (CVE): GCVE-0-2008-2376
GCVE (VulDB): GCVE-100-3775
OVAL: 🔍
X-Force: 43681
SecurityFocus: 29903 - Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
Secunia: 32219 - Ubuntu update for ruby1.8, Moderately Critical
OSVDB: 46691 - Ruby rb_ary_fill() Function Overflow
Vulnerability Center: 18821 - Ruby 1.9-2 and Earlier Integer Overflow via a Call to Array#fill Method, Medium
Vupen: ADV-2008-2584
See also: 🔍
Entry
Created: 07/18/2008 12:39Updated: 08/14/2019 12:56
Changes: 07/18/2008 12:39 (94), 08/14/2019 12:56 (2)
Complete: 🔍
Cache ID: 216:E34:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.