// For flags

CVE-2008-2726

ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen

Severity Score

7.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Un desbordamiento de enteros en la función (1) rb_ary_splice en Ruby versión 1.8.4 y anteriores, versión 1.8.5 anterior a 1.8.5-p231, versión 1.8.6 anterior a 1.8.6-p230, versión 1.8.7 anterior a 1.8.7-p22, y versión 1.9.0 anterior a 1.9.0-2; y (2) la función rb_ary_replace en versión 1.6.x, permite a los atacantes dependiendo del contexto desencadenar una corrupción en la memoria, también se conoce como el problema "beg + rlen". NOTA: a partir de 20080624, ha habido un uso incoherente de varios identificadores CVE relacionados con Ruby. La descripción del CVE debe considerarse autorizada, aunque es probable que cambie.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-06-16 CVE Reserved
  • 2008-06-24 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (45)
URL Tag Source
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue Third Party Advisory
http://secunia.com/advisories/30802 Third Party Advisory
http://secunia.com/advisories/30831 Third Party Advisory
http://secunia.com/advisories/30867 Third Party Advisory
http://secunia.com/advisories/30875 Third Party Advisory
http://secunia.com/advisories/30894 Third Party Advisory
http://secunia.com/advisories/31062 Third Party Advisory
http://secunia.com/advisories/31090 Third Party Advisory
http://secunia.com/advisories/31181 Third Party Advisory
http://secunia.com/advisories/31256 Third Party Advisory
http://secunia.com/advisories/31687 Third Party Advisory
http://secunia.com/advisories/33178 Third Party Advisory
http://support.apple.com/kb/HT2163 Third Party Advisory
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206 Broken Link
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities Third Party Advisory
http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html Mailing List
http://www.ruby-forum.com/topic/157034 Third Party Advisory
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html Third Party Advisory
http://www.securityfocus.com/archive/1/493688/100/0/threaded Mailing List
http://www.securityfocus.com/bid/29903 Third Party Advisory
http://www.securitytracker.com/id?1020347 Third Party Advisory
http://www.vupen.com/english/advisories/2008/1907/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/1981/references Third Party Advisory
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html Broken Link
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43351 Third Party Advisory
https://issues.rpath.com/browse/RPL-2626 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959 Signature
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
<= 1.8.4
Search vendor "Ruby-lang" for product "Ruby" and version " <= 1.8.4"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
>= 1.8.5 < 1.8.5.231
Search vendor "Ruby-lang" for product "Ruby" and version " >= 1.8.5 < 1.8.5.231"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
>= 1.8.6 < 1.8.6.230
Search vendor "Ruby-lang" for product "Ruby" and version " >= 1.8.6 < 1.8.6.230"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
>= 1.8.7 < 1.8.7.22
Search vendor "Ruby-lang" for product "Ruby" and version " >= 1.8.7 < 1.8.7.22"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
>= 1.9.0 < 1.9.0.2
Search vendor "Ruby-lang" for product "Ruby" and version " >= 1.9.0 < 1.9.0.2"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected