Description

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Remediation

References

CVE-2008-2662

Related Vulnerabilities

TYPO3 Improper Input Validation Vulnerability (CVE-2009-0258)

Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130)

WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.23)

WordPress Plugin MarketPress-WordPress eCommerce PHP Object Injection (3.2.6)

PrestaShop CVE-2018-19125 Vulnerability (CVE-2018-19125)

Severity

Critical

Classification

CVE-2008-2662

Tags

Missing Update Known Vulnerabilities