Sha256: 941bcfcfa89aa2f18d8f6e6d71d3f3b88d4299a074a2ab35ae36ba6c0ca89107

Contents?: true

Size: 728 Bytes

Versions: 6

Compression:

Stored size: 728 Bytes

Contents

---
engine: ruby
cve: 2011-0188
url: https://github.com/ruby/ruby/commit/f83651ac30c7c776dee8a6a401c654757cb8d1c2
title: Ruby memory corruption in BigDecimal on 64bit platforms
date: 2011-03-01
description: |
  The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby
  1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other
  platforms, does not properly allocate memory, which allows context-dependent
  attackers to execute arbitrary code or cause a denial of service (application
  crash) via vectors involving creation of a large BigDecimal value within a
  64-bit process, related to an "integer truncation issue."
cvss_v2: 6.8
patched_versions:
  - ~> 1.8.7.370
  - ">= 1.9.3.preview.1"

Version data entries

6 entries across 6 versions & 2 rubygems

| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/rubies/ruby/CVE-2011-0188.yml |
| bundler-budit-0.6.2 | data/ruby-advisory-db/rubies/ruby/CVE-2011-0188.yml |
| bundler-budit-0.6.1 | data/ruby-advisory-db/rubies/ruby/CVE-2011-0188.yml |
| bundler-audit-0.6.1 | data/ruby-advisory-db/rubies/ruby/CVE-2011-0188.yml |
| bundler-audit-0.6.0 | data/ruby-advisory-db/rubies/ruby/CVE-2011-0188.yml |
| bundler-audit-0.5.0 | data/ruby-advisory-db/rubies/ruby/CVE-2011-0188.yml |