CVE-2008-2662

Vulnerable software (CPE):
  cpe:/a:ruby-lang:ruby:1.8.5-p230
  cpe:/a:ruby-lang:ruby:1.8.6-p229
  cpe:/a:ruby-lang:ruby:1.8.7-p21
  cpe:/a:ruby-lang:ruby:1.9.0-1

Published: 2008-06-24T15:41:00.000-04:00
Last modified: 2017-09-28T21:31:15.380-04:00

CVSS:
  Score: 10.0
  Access vector: NETWORK
  Access complexity: LOW
  Authentication: NONE
  Confidentiality impact: COMPLETE
  Integrity impact: COMPLETE
  Availability impact: COMPLETE
  Source: http://nvd.nist.gov
  Generated on: 2008-06-24T16:47:00.000-04:00

Security protection: ALLOWS_ADMIN_ACCESS

References:
  SECTRACK 1020347
  BUGTRAQ 20080626 rPSA-2008-0206-1 ruby
  BID 29903
  SECUNIA 30802
  SECUNIA 30831
  SECUNIA 30867
  SECUNIA 30875
  SECUNIA 30894
  SECUNIA 31062
  SECUNIA 31181
  SECUNIA 31256
  SECUNIA 31687
  SECUNIA 33178
  VUPEN ADV-2008-1907
  VUPEN ADV-2008-1981
  APPLE APPLE-SA-2008-06-30
  DEBIAN DSA-1612
  DEBIAN DSA-1618
  FEDORA FEDORA-2008-5649
  GENTOO GLSA-200812-17
  MANDRIVA MDVSA-2008:140
  MANDRIVA MDVSA-2008:141
  MANDRIVA MDVSA-2008:142
  REDHAT RHSA-2008:0561
  SLACKWARE SSA:2008-179-01
  SUSE SUSE-SR:2008:017
  UBUNTU USN-621-1
  MISC http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
  CONFIRM http://support.apple.com/kb/HT2163
  MISC http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
  CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
  MISC http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
  MISC http://www.ruby-forum.com/topic/157034
  CONFIRM http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
  MISC http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
  MISC http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
  CONFIRM https://issues.rpath.com/browse/RPL-2626
  XF ruby-rbstrbufappend-code-execution(43345)

Summary:
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.
NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.