CVE-2008-2376 – ruby: integer overflows in rb_ary_fill() / Array#fill

https://notcve.org/view.php?id=CVE-2008-2376

09 Jul 2008 — Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. Desbordamiento de entero en la función rb_ary_fill en array.c en Ruby antes de la revisión 17756 que permite a los atac... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •