Description
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
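The bug class named in the description, shown as an added illustration that is not code from bigdecimal.c: a 64-bit element count is narrowed to 32 bits before the allocation size is computed, next to a width-preserving, overflow-checked version. All function names are hypothetical and the 4-byte word size is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helpers illustrating integer truncation in an allocator.
 * Names and the 4-byte word size are assumptions, not Ruby's code. */

/* Before: the caller's 64-bit word count passes through a 32-bit
 * variable, so the high 32 bits are silently dropped. The returned byte
 * count is what would reach malloc(), while the caller still believes
 * it owns n_words words. */
size_t truncated_alloc_size(uint64_t n_words)
{
    uint32_t narrowed = (uint32_t)n_words;      /* truncation happens here */
    return (size_t)narrowed * sizeof(uint32_t);
}

/* After: keep the full width and reject any count whose byte size does
 * not fit in size_t. Returns 0 and stores the size, or -1 on rejection. */
int checked_alloc_size(uint64_t n_words, size_t *out_bytes)
{
    if (n_words == 0 || n_words > SIZE_MAX / sizeof(uint32_t))
        return -1;
    *out_bytes = (size_t)n_words * sizeof(uint32_t);
    return 0;
}

/* Allocator built on the checked computation; NULL means "refused". */
uint32_t *alloc_words(uint64_t n_words)
{
    size_t bytes;
    if (checked_alloc_size(n_words, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}
```

With a request of 0x100000004 words, the truncating path sizes the buffer for 4 words (16 bytes), which is the mismatch between believed and actual capacity that leads to out-of-bounds writes in a 64-bit process.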