RubygemsResearch

Sha256: 5c37aeb20540ecd976f6e94c4cae2f686a155edb6f2171818663308355d60967

Contents?: true

Size: 671 Bytes

Versions: 6

Compression:

Stored size: 671 Bytes

---
engine: ruby
cve: 2008-2376
url: http://www.openwall.com/lists/oss-security/2008/07/02/3
title: More ruby integer overflows (rb_ary_fill / Array#fill)
date: 2008-06-30
description: |
  Integer overflow in the rb_ary_fill function in array.c in Ruby before
  revision 17756 allows context-dependent attackers to cause a denial of
  service (crash) or possibly have unspecified other impact via a call to the
  Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE.
  NOTE: this issue exists because of an incomplete fix for other closely
  related integer overflows.
cvss_v2: 7.5
patched_versions:
  - ~> 1.8.6.286
  - ~> 1.8.7.71
  - ">= 1.9.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/rubies/ruby/CVE-2008-2376.yml
bundler-budit-0.6.2	data/ruby-advisory-db/rubies/ruby/CVE-2008-2376.yml
bundler-budit-0.6.1	data/ruby-advisory-db/rubies/ruby/CVE-2008-2376.yml
bundler-audit-0.6.1	data/ruby-advisory-db/rubies/ruby/CVE-2008-2376.yml
bundler-audit-0.6.0	data/ruby-advisory-db/rubies/ruby/CVE-2008-2376.yml
bundler-audit-0.5.0	data/ruby-advisory-db/rubies/ruby/CVE-2008-2376.yml