CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2664 – ruby: Unsafe use of alloca in rb_str_format()
https://notcve.org/view.php?id=CVE-2008-2664
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. La función rb_str_format en Ruby 1.8.4 y anteriores, 1.8.5 anterior a 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230, 1.8.7 anterior a 1.8.7-p22 y 1.9.0 anterior a 1.9.0-2 permite a atacantes dependientes del contexto disparar una corrupción de memoria mediante vectores no especificados relacionados con alloca, un problema distinto a CVE-2008-2662, CVE-2008-2663 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2008-2725 – ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
https://notcve.org/view.php?id=CVE-2008-2725
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Un desbordamiento de enteros en la función (1) rb_ary_splice en Ruby 1.8.4 y versiones anteriores, 1.8.5 anterior a versión 1.8.5-p231, 1.8.6 anterior a versión 1.8.6-p230 y 1.8.7 anterior a versión 1.8.7-p22; y (2) la función rb_ary_replace en 1.6.x permite a los atacantes dependiendo del contexto desencadenar una corrupción en la memoria por medio de vectores no especificados, también se conoce como la variante "REALLOC_N", un problema diferente a los CVE-2008-2662, CVE-2008-2663 y CVE-2008-2664. NOTA: a partir de 20080624, ha habido un uso incoherente de varios identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2726 – ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
https://notcve.org/view.php?id=CVE-2008-2726
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Un desbordamiento de enteros en la función (1) rb_ary_splice en Ruby versión 1.8.4 y anteriores, versión 1.8.5 anterior a 1.8.5-p231, versión 1.8.6 anterior a 1.8.6-p230, versión 1.8.7 anterior a 1.8.7-p22, y versión 1.9.0 anterior a 1.9.0-2; y (2) la función rb_ary_replace en versión 1.6.x, permite a los atacantes dependiendo del contexto desencadenar una corrupción en la memoria, también se conoce como el problema "beg + rlen". NOTA: a partir de 20080624, ha habido un uso incoherente de varios identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2662 – ruby: Integer overflows in rb_str_buf_append()
https://notcve.org/view.php?id=CVE-2008-2662
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. Múltiples desbordamientos de entero en la función rb_str_buf_append de Ruby 1.8.4 y anteriores, 1.8.5 antes de 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230, 1.8.7 anterior a 1.8.7-p22 y 1.9.0 antes de 1.9.0-2 permite a atacantes dependientes del contexto ejecutar código de su elección o provocar una denegación de servicio mediante vectores desconocidos que disparan una corrupción de memoria, un problema distinto a CVE-2008-2663, CVE-2008-2664 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2008-2663 – ruby: Integer overflows in rb_ary_store()
https://notcve.org/view.php?id=CVE-2008-2663
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Múltiples desbordamientos de entero en la función rb_ary_store de Ruby 1.8.4 y anteriores, 1.8.5 anterior a 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230 y 1.8.7 anterior a 1.8.7-p22 permite a atacantes dependientes del contexto ejecutar código de su elección mediante vectores desconocidos, un problema distinto a CVE-2008-2662, CVE-2008-2664 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-190: Integer Overflow or Wraparound •