Description

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Remediation

References

CVE-2008-2662

Related Vulnerabilities

DataTables Prototype Pollution Vulnerability (CVE-2020-28458)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15098)

WordPress Plugin IMDb Profile Widget Local File Inclusion (1.0.8)

Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2023-5548)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10352)

Severity

Critical

Classification

CVE-2008-2662

Tags

Missing Update Known Vulnerabilities