CVE-2008-2726

Severity

78%

Complexity

99%

Confidentiality

115%

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 16 years ago

2008-06-24 19:41:00

Last updated 6 years ago

2018-11-01 15:07:00

Affected Software

Ruby-lang Ruby

Debian GNU/Linux 4.0

4.0

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 7.04

7.04

Canonical Ubuntu Linux 7.10

7.10

Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)

8.04

References

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

Third Party Advisory

APPLE-SA-2008-06-30

Mailing List, Third Party Advisory

SUSE-SR:2008:017

Third Party Advisory

30802

Third Party Advisory

30831

Third Party Advisory

30867

Third Party Advisory

30875

Third Party Advisory

30894

Third Party Advisory

31062

Third Party Advisory

31090

Third Party Advisory

31181

Third Party Advisory

31256

Third Party Advisory

31687

Third Party Advisory

33178

Third Party Advisory

GLSA-200812-17

Third Party Advisory

SSA:2008-179-01

Third Party Advisory

http://support.apple.com/kb/HT2163

Third Party Advisory

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460

Vendor Advisory

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

Third Party Advisory

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

Broken Link

DSA-1612

Third Party Advisory

DSA-1618

Third Party Advisory

MDVSA-2008:140

Third Party Advisory

MDVSA-2008:141

Third Party Advisory

MDVSA-2008:142

Third Party Advisory

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

Third Party Advisory

[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216

Third Party Advisory

RHSA-2008:0561

Third Party Advisory

http://www.ruby-forum.com/topic/157034

Third Party Advisory

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

Third Party Advisory

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

Patch, Vendor Advisory

20080626 rPSA-2008-0206-1 ruby

Third Party Advisory, VDB Entry

29903

Third Party Advisory, VDB Entry

1020347

Third Party Advisory, VDB Entry

USN-621-1

Third Party Advisory

ADV-2008-1907

Third Party Advisory

ADV-2008-1981

Third Party Advisory

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

Broken Link

https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657

Third Party Advisory

ruby-rbarysplice-begrlen-code-execution(43351)

Third Party Advisory, VDB Entry

https://issues.rpath.com/browse/RPL-2626

Broken Link

oval:org.mitre.oval:def:9959

Third Party Advisory

FEDORA-2008-5649

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.