CVE-2008-2376 – ruby: integer overflows in rb_ary_fill() / Array#fill

https://notcve.org/view.php?id=CVE-2008-2376

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. Desbordamiento de entero en la función rb_ary_fill en array.c en Ruby antes de la revisión 17756 que permite a los atacantes dependientes de contesto causar una denegación de servicios (caída) o posiblemente otro impacto no especificado a través de la llamada al método Arrray#fill con un argumento de entrada (alias beg) mayor que ARY_MAX_SIZE NOTA: esto existe por un parche incompleto para otros desbordamientos de enteros • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/30927 http://secunia.com/advisories/31006 http://secunia.com/advisories/31062 http://secunia.com/advisories/31090 http://secunia.com/advisories/31181 http://secunia.com/advisories/31256 http://secunia.com/advisories/32219 http://secunia.com/advisories/33178 http://security.gentoo.org/glsa/glsa-200812-17.xml http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision&# • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •