CVE-2008-2726

Current Description

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Basic Data

Published: June 24, 2008
Last Modified: November 01, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-189
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.8
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Ruby-lang | Ruby | * | * | * | * | * | * | * | * |  | 1.8.4 |  | 
    2.3 | Application | Ruby-lang | Ruby | * | * | * | * | * | * | * | * | 1.8.5 |  |  | 1.8.5.231
    2.3 | Application | Ruby-lang | Ruby | * | * | * | * | * | * | * | * | 1.8.6 |  |  | 1.8.6.230
    2.3 | Application | Ruby-lang | Ruby | * | * | * | * | * | * | * | * | 1.8.7 |  |  | 1.8.7.22
    2.3 | Application | Ruby-lang | Ruby | * | * | * | * | * | * | * | * | 1.9.0 |  |  | 1.9.0.2
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Debian | Debian Linux | 4.0 | * | * | * | * | * | * | * |  |  |  | 
  • OR - Configuration 3
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Canonical | Ubuntu Linux | 6.06 | * | * | * | lts | * | * | * |  |  |  | 
    2.3 | OS | Canonical | Ubuntu Linux | 7.04 | * | * | * | * | * | * | * |  |  |  | 
    2.3 | OS | Canonical | Ubuntu Linux | 7.10 | * | * | * | * | * | * | * |  |  |  | 
    2.3 | OS | Canonical | Ubuntu Linux | 8.04 | * | * | * | lts | * | * | * |  |  |  | 

Vulnerable Software List

Vendor | Product | Versions
Ruby-lang | Ruby | *
Debian | Debian Linux | 4.0
Canonical | Ubuntu Linux | 6.06, 7.04, 7.10, 8.04

References

Name | Source | URL | Tags
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/ | MISC | http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-res | Third Party Advisory
APPLE-SA-2008-06-30 | APPLE | http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html | Mailing List, Third Party Advisory
SUSE-SR:2008:017 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | Third Party Advisory
30802 | SECUNIA | http://secunia.com/advisories/30802 | Third Party Advisory
30831 | SECUNIA | http://secunia.com/advisories/30831 | Third Party Advisory
30867 | SECUNIA | http://secunia.com/advisories/30867 | Third Party Advisory
30875 | SECUNIA | http://secunia.com/advisories/30875 | Third Party Advisory
30894 | SECUNIA | http://secunia.com/advisories/30894 | Third Party Advisory
31062 | SECUNIA | http://secunia.com/advisories/31062 | Third Party Advisory
31090 | SECUNIA | http://secunia.com/advisories/31090 | Third Party Advisory
31181 | SECUNIA | http://secunia.com/advisories/31181 | Third Party Advisory
31256 | SECUNIA | http://secunia.com/advisories/31256 | Third Party Advisory
31687 | SECUNIA | http://secunia.com/advisories/31687 | Third Party Advisory
33178 | SECUNIA | http://secunia.com/advisories/33178 | Third Party Advisory
GLSA-200812-17 | GENTOO | http://security.gentoo.org/glsa/glsa-200812-17.xml | Third Party Advisory
SSA:2008-179-01 | SLACKWARE | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562 | Third Party Advisory
http://support.apple.com/kb/HT2163 | CONFIRM | http://support.apple.com/kb/HT2163 | Third Party Advisory
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460 | CONFIRM | http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460 | Vendor Advisory
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities | MISC | http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities | Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206 | CONFIRM | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206 | Broken Link
DSA-1612 | DEBIAN | http://www.debian.org/security/2008/dsa-1612 | Third Party Advisory
DSA-1618 | DEBIAN | http://www.debian.org/security/2008/dsa-1618 | Third Party Advisory
MDVSA-2008:140 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:140 | Third Party Advisory
MDVSA-2008:141 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:141 | Third Party Advisory
MDVSA-2008:142 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:142 | Third Party Advisory
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/ | MISC | http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/ | Third Party Advisory
[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216 | MLIST | http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html | Third Party Advisory
RHSA-2008:0561 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0561.html | Third Party Advisory
http://www.ruby-forum.com/topic/157034 | MISC | http://www.ruby-forum.com/topic/157034 | Third Party Advisory
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html | MISC | http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html | Third Party Advisory
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/ | CONFIRM | http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/ | PATCH, Vendor Advisory
20080626 rPSA-2008-0206-1 ruby | BUGTRAQ | http://www.securityfocus.com/archive/1/493688/100/0/threaded | Third Party Advisory, VDB Entry
29903 | BID | http://www.securityfocus.com/bid/29903 | Third Party Advisory, VDB Entry
1020347 | SECTRACK | http://www.securitytracker.com/id?1020347 | Third Party Advisory, VDB Entry
USN-621-1 | UBUNTU | http://www.ubuntu.com/usn/usn-621-1 | Third Party Advisory
ADV-2008-1907 | VUPEN | http://www.vupen.com/english/advisories/2008/1907/references | Third Party Advisory
ADV-2008-1981 | VUPEN | http://www.vupen.com/english/advisories/2008/1981/references | Third Party Advisory
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html | MISC | http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html | Broken Link
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657 | CONFIRM | https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657 | Third Party Advisory
ruby-rbarysplice-begrlen-code-execution(43351) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/43351 | Third Party Advisory, VDB Entry
https://issues.rpath.com/browse/RPL-2626 | CONFIRM | https://issues.rpath.com/browse/RPL-2626 | Broken Link
oval:org.mitre.oval:def:9959 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959 | Third Party Advisory
FEDORA-2008-5649 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html | Third Party Advisory