- Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. (CVE-2008-2662)
- Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. (CVE-2008-2663)
- The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. (CVE-2008-2664)
- Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. (CVE-2008-2725)
- Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726)
- Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376)
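
The array entries above describe a start index (beg) and a length that are added before being compared against a size limit. The following C sketch is an added illustration of that bug class and of an overflow-safe bounds check; it is not Ruby's source code or its patch, and `EX_ARY_MAX_SIZE`, `naive_range_ok` and `checked_range_ok` are hypothetical names.

```c
#include <limits.h>
#include <stdio.h>

/* Assumed stand-in for an interpreter's element-count limit
 * (hypothetical; not Ruby's definition of ARY_MAX_SIZE). */
#define EX_ARY_MAX_SIZE (LONG_MAX / (long)sizeof(void *))

/* Unchecked pattern: add first, compare afterwards. The sum is formed in
 * unsigned arithmetic so the wraparound is well defined for this demo
 * (signed overflow is undefined behaviour in C); converting it back to
 * long yields a negative value on two's-complement compilers. */
int naive_range_ok(long beg, long len, long cap)
{
    long end = (long)((unsigned long)beg + (unsigned long)len);
    return end <= cap;              /* a wrapped, negative end passes */
}

/* Checked pattern: validate each operand, then compare by subtraction so
 * no intermediate value can exceed LONG_MAX. */
int checked_range_ok(long beg, long len, long cap)
{
    if (beg < 0 || len < 0) return 0;
    if (beg > cap) return 0;        /* start already beyond the limit */
    if (len > cap - beg) return 0;  /* beg + len would exceed the limit */
    return 1;
}

int main(void)
{
    /* Constructed inputs: one ordinary range, one that wraps. */
    long cases[][2] = { {2, 3}, {LONG_MAX, 1}, {EX_ARY_MAX_SIZE, 1} };
    for (int i = 0; i < 3; i++) {
        long beg = cases[i][0], len = cases[i][1];
        printf("beg=%ld len=%ld naive=%d checked=%d\n", beg, len,
               naive_range_ok(beg, len, EX_ARY_MAX_SIZE),
               checked_range_ok(beg, len, EX_ARY_MAX_SIZE));
    }
    return 0;
}
```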