Sha256: 132ac9109b6cc825b39d7314aaba831abf7d1914ba4abd8fd0659268394b6bc5

Contents?: true

Size: 545 Bytes

Versions: 6

Compression:

Stored size: 545 Bytes

Contents

---
engine: ruby
cve: 2008-2726
osvdb: 46554
url: http://www.osvdb.org/show/osvdb/46554
title: Ruby rb_ary_splice Function Overflow (beg + rlen)
date: 2008-06-20
description: |
  A buffer overflow exists in Ruby. The rb_ary_splice function fails to
  validate unspecified data resulting in an integer overflow. With a specially crafted
  request, a context-dependent attacker can cause arbitrary code execution resulting
  in a loss of integrity.
cvss_v2: 7.8
patched_versions:
  - ~> 1.8.5.231
  - ~> 1.8.6.230
  - ~> 1.8.7.22
  - ">= 1.9.0.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2008-2726.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/OSVDB-46554.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/OSVDB-46554.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/OSVDB-46554.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/OSVDB-46554.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/ruby/OSVDB-46554.yml