Vulnerability-Lookup

CVE-2008-2662 (GCVE-0-2008-2662)

Vulnerability from cvelistv5 – Published: 2008-06-24 19:00 – Updated: 2024-08-07 09:05

Summary

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://support.apple.com/kb/HT2163	x_refsource_CONFIRM
	http://weblog.rubyonrails.org/2008/6/21/multiple-…	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/30875	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1981…	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2008/1907…	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2008/dsa-1618	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/31687	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30894	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31062	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31256	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/493688/100…	mailing-listx_refsource_BUGTRAQ
	http://www.matasano.com/log/1070/updates-on-drew-…	x_refsource_MISC
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id?1020347	vdb-entryx_refsource_SECTRACK
	http://www.rubyinside.com/june-2008-ruby-security…	x_refsource_MISC
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/30802	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30831	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://issues.rpath.com/browse/RPL-2626	x_refsource_CONFIRM
	http://www.debian.org/security/2008/dsa-1612	vendor-advisoryx_refsource_DEBIAN
	http://security.gentoo.org/glsa/glsa-200812-17.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/33178	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/29903	vdb-entryx_refsource_BID
	http://www.zedshaw.com/rants/the_big_ruby_vulnera…	x_refsource_MISC
	http://secunia.com/advisories/30867	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.ruby-lang.org/en/news/2008/06/20/arbit…	x_refsource_CONFIRM
	http://www.ruby-forum.com/topic/157034	x_refsource_MISC
	http://blog.phusion.nl/2008/06/23/ruby-186-p23018…	x_refsource_MISC
	http://www.ubuntu.com/usn/usn-621-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/31181	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:05:30.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2008:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
          },
          {
            "name": "MDVSA-2008:141",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
          },
          {
            "name": "30875",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30875"
          },
          {
            "name": "ADV-2008-1981",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "ADV-2008-1907",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1907/references"
          },
          {
            "name": "DSA-1618",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1618"
          },
          {
            "name": "31687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31687"
          },
          {
            "name": "30894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30894"
          },
          {
            "name": "31062",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31062"
          },
          {
            "name": "31256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31256"
          },
          {
            "name": "20080626 rPSA-2008-0206-1 ruby",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
          },
          {
            "name": "SSA:2008-179-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.429562"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "1020347",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020347"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
          },
          {
            "name": "oval:org.mitre.oval:def:11601",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"
          },
          {
            "name": "FEDORA-2008-5649",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
          },
          {
            "name": "MDVSA-2008:140",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
          },
          {
            "name": "30802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "30831",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30831"
          },
          {
            "name": "RHSA-2008:0561",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
          },
          {
            "name": "ruby-rbstrbufappend-code-execution(43345)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2626"
          },
          {
            "name": "DSA-1612",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1612"
          },
          {
            "name": "GLSA-200812-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
          },
          {
            "name": "33178",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33178"
          },
          {
            "name": "29903",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29903"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
          },
          {
            "name": "30867",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30867"
          },
          {
            "name": "MDVSA-2008:142",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ruby-forum.com/topic/157034"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
          },
          {
            "name": "USN-621-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-621-1"
          },
          {
            "name": "31181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31181"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2008:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT2163"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
        },
        {
          "name": "MDVSA-2008:141",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
        },
        {
          "name": "30875",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30875"
        },
        {
          "name": "ADV-2008-1981",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1981/references"
        },
        {
          "name": "ADV-2008-1907",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1907/references"
        },
        {
          "name": "DSA-1618",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1618"
        },
        {
          "name": "31687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31687"
        },
        {
          "name": "30894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30894"
        },
        {
          "name": "31062",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31062"
        },
        {
          "name": "31256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31256"
        },
        {
          "name": "20080626 rPSA-2008-0206-1 ruby",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
        },
        {
          "name": "SSA:2008-179-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.429562"
        },
        {
          "name": "APPLE-SA-2008-06-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
        },
        {
          "name": "1020347",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020347"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
        },
        {
          "name": "oval:org.mitre.oval:def:11601",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"
        },
        {
          "name": "FEDORA-2008-5649",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
        },
        {
          "name": "MDVSA-2008:140",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
        },
        {
          "name": "30802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30802"
        },
        {
          "name": "30831",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30831"
        },
        {
          "name": "RHSA-2008:0561",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
        },
        {
          "name": "ruby-rbstrbufappend-code-execution(43345)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2626"
        },
        {
          "name": "DSA-1612",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1612"
        },
        {
          "name": "GLSA-200812-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
        },
        {
          "name": "33178",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33178"
        },
        {
          "name": "29903",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29903"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
        },
        {
          "name": "30867",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30867"
        },
        {
          "name": "MDVSA-2008:142",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ruby-forum.com/topic/157034"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
        },
        {
          "name": "USN-621-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-621-1"
        },
        {
          "name": "31181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31181"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2662",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2008:017",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
              "refsource": "MISC",
              "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
            },
            {
              "name": "MDVSA-2008:141",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
            },
            {
              "name": "30875",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30875"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "ADV-2008-1907",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1907/references"
            },
            {
              "name": "DSA-1618",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1618"
            },
            {
              "name": "31687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31687"
            },
            {
              "name": "30894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30894"
            },
            {
              "name": "31062",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31062"
            },
            {
              "name": "31256",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31256"
            },
            {
              "name": "20080626 rPSA-2008-0206-1 ruby",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
            },
            {
              "name": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
              "refsource": "MISC",
              "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
            },
            {
              "name": "SSA:2008-179-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.429562"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "1020347",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020347"
            },
            {
              "name": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
              "refsource": "MISC",
              "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
            },
            {
              "name": "oval:org.mitre.oval:def:11601",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"
            },
            {
              "name": "FEDORA-2008-5649",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
            },
            {
              "name": "MDVSA-2008:140",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "30831",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30831"
            },
            {
              "name": "RHSA-2008:0561",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
            },
            {
              "name": "ruby-rbstrbufappend-code-execution(43345)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2626",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2626"
            },
            {
              "name": "DSA-1612",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1612"
            },
            {
              "name": "GLSA-200812-17",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
            },
            {
              "name": "33178",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33178"
            },
            {
              "name": "29903",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29903"
            },
            {
              "name": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
              "refsource": "MISC",
              "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
            },
            {
              "name": "30867",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30867"
            },
            {
              "name": "MDVSA-2008:142",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
            },
            {
              "name": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
              "refsource": "CONFIRM",
              "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
            },
            {
              "name": "http://www.ruby-forum.com/topic/157034",
              "refsource": "MISC",
              "url": "http://www.ruby-forum.com/topic/157034"
            },
            {
              "name": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
              "refsource": "MISC",
              "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
            },
            {
              "name": "USN-621-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-621-1"
            },
            {
              "name": "31181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31181"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2662",
    "datePublished": "2008-06-24T19:00:00.000Z",
    "dateReserved": "2008-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:05:30.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-343

Vulnerability from certfr_avis - Published: 2008-07-02 - Updated: 2008-07-02

Plusieurs vulnérablités concernant le système d'exploitation Apple Mac OS X ont été corrigées.

Description

Plusieurs vulnérablités ont été corrigées :

Alias Manager : un alias spécifiquement créé permet l'exécution de code arbitraire ;
CoresTypes : des contenus incertains peuvent être ouverts automatiquement ;
c++filt : une chaine de caratères spécifiquement créée permet l'exécution de code arbitraire ;
Dock : une personne ayant physiquement accès à la machine peut contourner l'écran de verrouillage ;
Launch Services : du code malveillant peut être exécuté via un site Web malveillant ;
Net-SNMP : il est possible de contrefaire un paquet SNMPv3 ;
Ruby : une chaine de caractères ou un tableau spécifiquement créé permet l'exécution de code arbitraire ;
SMB File Server : une trame SMB spécialement réalisée permet l'exécution de code arbitraire ;
System Configuration : un utilisateur local peut exécuter du code arbitraire avec les droits de nouveaux utilisateurs ;
Tomcat : plusieurs vulnérabilités affectent le logiciel dont une permettant des attaques de type Cross Site Scripting ;
VPN : un attaquant peut réaliser un déni de service à distance à l'aide de paquets UDP spécifiquement créés ;
Webkit : du code malveillant peut être exécuté via un site Web malveillant.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Mac OS X versions v10.5.3 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Mise à jour de sécurité Apple 2008-004 du 30 juin 2008	None	vendor-advisory
Bulletin de sécurité Apple 2008-004 du 30 juin 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple Mac OS X versions v10.5.3 et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rablit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es :\n\n-   Alias Manager : un alias sp\u00e9cifiquement cr\u00e9\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire ;\n-   CoresTypes : des contenus incertains peuvent \u00eatre ouverts\n    automatiquement ;\n-   c++filt : une chaine de carat\u00e8res sp\u00e9cifiquement cr\u00e9\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire ;\n-   Dock : une personne ayant physiquement acc\u00e8s \u00e0 la machine peut\n    contourner l\u0027\u00e9cran de verrouillage ;\n-   Launch Services : du code malveillant peut \u00eatre ex\u00e9cut\u00e9 via un site\n    Web malveillant ;\n-   Net-SNMP : il est possible de contrefaire un paquet SNMPv3 ;\n-   Ruby : une chaine de caract\u00e8res ou un tableau sp\u00e9cifiquement cr\u00e9\u00e9\n    permet l\u0027ex\u00e9cution de code arbitraire ;\n-   SMB File Server : une trame SMB sp\u00e9cialement r\u00e9alis\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire ;\n-   System Configuration : un utilisateur local peut ex\u00e9cuter du code\n    arbitraire avec les droits de nouveaux utilisateurs ;\n-   Tomcat : plusieurs vuln\u00e9rabilit\u00e9s affectent le logiciel dont une\n    permettant des attaques de type Cross Site Scripting ;\n-   VPN : un attaquant peut r\u00e9aliser un d\u00e9ni de service \u00e0 distance \u00e0\n    l\u0027aide de paquets UDP sp\u00e9cifiquement cr\u00e9\u00e9s ;\n-   Webkit : du code malveillant peut \u00eatre ex\u00e9cut\u00e9 via un site Web\n    malveillant.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2663"
    },
    {
      "name": "CVE-2007-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
    },
    {
      "name": "CVE-2008-2309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2309"
    },
    {
      "name": "CVE-2008-2725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2725"
    },
    {
      "name": "CVE-2008-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2313"
    },
    {
      "name": "CVE-2008-1145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1145"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2311"
    },
    {
      "name": "CVE-2007-3382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
    },
    {
      "name": "CVE-2007-3383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3383"
    },
    {
      "name": "CVE-2008-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1105"
    },
    {
      "name": "CVE-2005-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3164"
    },
    {
      "name": "CVE-2008-0960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0960"
    },
    {
      "name": "CVE-2008-2664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2664"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2007-2449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
    },
    {
      "name": "CVE-2007-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
    },
    {
      "name": "CVE-2008-2726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2726"
    },
    {
      "name": "CVE-2008-2314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2314"
    },
    {
      "name": "CVE-2008-2662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2662"
    },
    {
      "name": "CVE-2008-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2307"
    },
    {
      "name": "CVE-2008-2308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2308"
    },
    {
      "name": "CVE-2007-6276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6276"
    },
    {
      "name": "CVE-2007-3385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
    },
    {
      "name": "CVE-2008-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2310"
    }
  ],
  "initial_release_date": "2008-07-02T00:00:00",
  "last_revision_date": "2008-07-02T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2008-004 du 30 juin 2008 :",
      "url": "http://support.apple.com/kb/HT2163"
    }
  ],
  "reference": "CERTA-2008-AVI-343",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rablit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-004 du 30 juin 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-342

Vulnerability from certfr_avis - Published: 2008-06-27 - Updated: 2008-06-27

Plusieurs vulnérabilités dans Ruby permettent à un utilisateur distant de porter atteinte à la confidentialité des données, de provoquer un déni de service ou d'exécuter du code arbitraire.

Description

Plusieurs vulnérabilités sont présentes dans l'interpréteur Ruby ou des classes de base Ruby associées :

la première est relative à certains composants WEBrick qui, sous certaines conditions, permettent à un utilisateur distant de porter atteinte à la confidentialité des données utilisées par l'application web s'appuyant sur ces composants ;
la deuxième concerne plusieurs failles de type débordement d'entiers dans certaines fonctions de Ruby. Elle permet à un utilisateur distant de provoquer un déni de service via des paramètres de longueur excessive ;
la dernière est dûe à une erreur dans certaines fonctions d'allocations de mémoire et permet à un utilisateur distant de provoquer un déni de service ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Ruby versions 1.8.7-p21 et antérieures ;
N/A	N/A	Ruby versions 1.8.6-p229 et antérieures ;
N/A	N/A	Ruby versions 1.8.4 et antérieures ;
N/A	N/A	Ruby versions 1.9.0-1 et antérieures.
N/A	N/A	Ruby versions 1.8.5-p230 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Ruby du 20 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby versions 1.8.7-p21 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby versions 1.8.6-p229 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby versions 1.8.4 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby versions 1.9.0-1 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby versions 1.8.5-p230 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans l\u0027interpr\u00e9teur Ruby ou des\nclasses de base Ruby associ\u00e9es :\n\n-   la premi\u00e8re est relative \u00e0 certains composants WEBrick qui, sous\n    certaines conditions, permettent \u00e0 un utilisateur distant de porter\n    atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es utilis\u00e9es par\n    l\u0027application web s\u0027appuyant sur ces composants ;\n-   la deuxi\u00e8me concerne plusieurs failles de type d\u00e9bordement d\u0027entiers\n    dans certaines fonctions de Ruby. Elle permet \u00e0 un utilisateur\n    distant de provoquer un d\u00e9ni de service via des param\u00e8tres de\n    longueur excessive ;\n-   la derni\u00e8re est d\u00fbe \u00e0 une erreur dans certaines fonctions\n    d\u0027allocations de m\u00e9moire et permet \u00e0 un utilisateur distant de\n    provoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2663"
    },
    {
      "name": "CVE-2008-2725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2725"
    },
    {
      "name": "CVE-2008-2664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2664"
    },
    {
      "name": "CVE-2008-2726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2726"
    },
    {
      "name": "CVE-2008-2662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2662"
    }
  ],
  "initial_release_date": "2008-06-27T00:00:00",
  "last_revision_date": "2008-06-27T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-342",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9ss"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Ruby permettent \u00e0 un utilisateur distant\nde porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, de provoquer un\nd\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby du 20 juin 2008",
      "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities"
    }
  ]
}

GSD-2008-2662

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2662

Aliases

CVE-2008-2662

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2662",
    "description": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.",
    "id": "GSD-2008-2662",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-2662.html",
      "https://www.debian.org/security/2008/dsa-1618",
      "https://www.debian.org/security/2008/dsa-1612",
      "https://access.redhat.com/errata/RHSA-2008:0561",
      "https://linux.oracle.com/cve/CVE-2008-2662.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2662"
      ],
      "details": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.",
      "id": "GSD-2008-2662",
      "modified": "2023-12-13T01:23:01.138482Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2662",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SR:2008:017",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
          },
          {
            "name": "http://support.apple.com/kb/HT2163",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
            "refsource": "MISC",
            "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
          },
          {
            "name": "MDVSA-2008:141",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
          },
          {
            "name": "30875",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30875"
          },
          {
            "name": "ADV-2008-1981",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "ADV-2008-1907",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1907/references"
          },
          {
            "name": "DSA-1618",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1618"
          },
          {
            "name": "31687",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31687"
          },
          {
            "name": "30894",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30894"
          },
          {
            "name": "31062",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31062"
          },
          {
            "name": "31256",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31256"
          },
          {
            "name": "20080626 rPSA-2008-0206-1 ruby",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
          },
          {
            "name": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
            "refsource": "MISC",
            "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
          },
          {
            "name": "SSA:2008-179-01",
            "refsource": "SLACKWARE",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.429562"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "1020347",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020347"
          },
          {
            "name": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
            "refsource": "MISC",
            "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
          },
          {
            "name": "oval:org.mitre.oval:def:11601",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"
          },
          {
            "name": "FEDORA-2008-5649",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
          },
          {
            "name": "MDVSA-2008:140",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
          },
          {
            "name": "30802",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "30831",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30831"
          },
          {
            "name": "RHSA-2008:0561",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
          },
          {
            "name": "ruby-rbstrbufappend-code-execution(43345)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-2626",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-2626"
          },
          {
            "name": "DSA-1612",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1612"
          },
          {
            "name": "GLSA-200812-17",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
          },
          {
            "name": "33178",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33178"
          },
          {
            "name": "29903",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29903"
          },
          {
            "name": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
            "refsource": "MISC",
            "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
          },
          {
            "name": "30867",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30867"
          },
          {
            "name": "MDVSA-2008:142",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
          },
          {
            "name": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
            "refsource": "CONFIRM",
            "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
          },
          {
            "name": "http://www.ruby-forum.com/topic/157034",
            "refsource": "MISC",
            "url": "http://www.ruby-forum.com/topic/157034"
          },
          {
            "name": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
            "refsource": "MISC",
            "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
          },
          {
            "name": "USN-621-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-621-1"
          },
          {
            "name": "31181",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31181"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.8.5.231",
                "versionStartExcluding": "1.8.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.8.6.230",
                "versionStartIncluding": "1.8.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.8.7.22",
                "versionStartIncluding": "1.8.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.9.0.2",
                "versionStartIncluding": "1.9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2662"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
            },
            {
              "name": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
            },
            {
              "name": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
            },
            {
              "name": "http://www.ruby-forum.com/topic/157034",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ruby-forum.com/topic/157034"
            },
            {
              "name": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
            },
            {
              "name": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
            },
            {
              "name": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
            },
            {
              "name": "29903",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/29903"
            },
            {
              "name": "SUSE-SR:2008:017",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
            },
            {
              "name": "31256",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/31256"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "31062",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/31062"
            },
            {
              "name": "30831",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30831"
            },
            {
              "name": "FEDORA-2008-5649",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "1020347",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1020347"
            },
            {
              "name": "DSA-1618",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1618"
            },
            {
              "name": "RHSA-2008:0561",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "31181",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/31181"
            },
            {
              "name": "DSA-1612",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1612"
            },
            {
              "name": "31687",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/31687"
            },
            {
              "name": "MDVSA-2008:142",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
            },
            {
              "name": "MDVSA-2008:140",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
            },
            {
              "name": "MDVSA-2008:141",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
            },
            {
              "name": "30867",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30867"
            },
            {
              "name": "USN-621-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/usn-621-1"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2626",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2626"
            },
            {
              "name": "30875",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30875"
            },
            {
              "name": "SSA:2008-179-01",
              "refsource": "SLACKWARE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.429562"
            },
            {
              "name": "30894",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30894"
            },
            {
              "name": "GLSA-200812-17",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
            },
            {
              "name": "33178",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/33178"
            },
            {
              "name": "ADV-2008-1907",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1907/references"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "ruby-rbstrbufappend-code-execution(43345)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"
            },
            {
              "name": "oval:org.mitre.oval:def:11601",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"
            },
            {
              "name": "20080626 rPSA-2008-0206-1 ruby",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-11-01T15:02Z",
      "publishedDate": "2008-06-24T19:41Z"
    }
  }
}

GHSA-6WWF-X53R-5QQQ

Vulnerability from github – Published: 2022-05-01 23:52 – Updated: 2025-04-09 03:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2662"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-24T19:41:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.",
  "id": "GHSA-6wwf-x53r-5qqq",
  "modified": "2025-04-09T03:55:44Z",
  "published": "2022-05-01T23:52:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-2626"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
    },
    {
      "type": "WEB",
      "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30831"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30867"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30875"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30894"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31062"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31181"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31256"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33178"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.429562"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "type": "WEB",
      "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1612"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1618"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
    },
    {
      "type": "WEB",
      "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ruby-forum.com/topic/157034"
    },
    {
      "type": "WEB",
      "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29903"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020347"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-621-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1907/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "type": "WEB",
      "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-2662

Vulnerability from fkie_nvd - Published: 2008-06-24 19:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/	Third Party Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/30802	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/30831	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/30867	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/30875	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/30894	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/31062	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/31181	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/31256	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/31687	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/33178	Third Party Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200812-17.xml	Third Party Advisory
cve@mitre.org	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562	Mailing List, Third Party Advisory
cve@mitre.org	http://support.apple.com/kb/HT2163	Third Party Advisory
cve@mitre.org	http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities	Third Party Advisory
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206	Broken Link
cve@mitre.org	http://www.debian.org/security/2008/dsa-1612	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2008/dsa-1618	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:140	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:141	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:142	Third Party Advisory
cve@mitre.org	http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0561.html	Third Party Advisory
cve@mitre.org	http://www.ruby-forum.com/topic/157034	Third Party Advisory
cve@mitre.org	http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/	Patch, Vendor Advisory
cve@mitre.org	http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/493688/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/29903	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1020347	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/usn-621-1	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1907/references	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1981/references	Third Party Advisory
cve@mitre.org	http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html	Broken Link
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43345	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.rpath.com/browse/RPL-2626	Broken Link
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601	Third Party Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30802	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30831	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30867	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30875	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30894	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31062	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31181	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31256	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31687	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33178	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200812-17.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT2163	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1612	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1618	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:140	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:141	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:142	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0561.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ruby-forum.com/topic/157034	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493688/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29903	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020347	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-621-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1907/references	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1981/references	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43345	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-2626	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html	Third Party Advisory

Impacted products

Vendor	Product	Version
ruby-lang	ruby	*
ruby-lang	ruby	*
ruby-lang	ruby	*
ruby-lang	ruby	*
ruby-lang	ruby	*
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D65BD5CD-5ECE-4294-B8E6-D0276FE8CC98",
              "versionEndIncluding": "1.8.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A289D5F-E8F3-4102-BF83-C63114DFE32C",
              "versionEndExcluding": "1.8.5.231",
              "versionStartExcluding": "1.8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA0AC75-6B7E-48BD-891F-3FB312B9BA25",
              "versionEndExcluding": "1.8.6.230",
              "versionStartIncluding": "1.8.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDF7713-E20F-4EED-A323-98902450FD09",
              "versionEndExcluding": "1.8.7.22",
              "versionStartIncluding": "1.8.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DDF08CB-5F01-49ED-9DDB-ED39C8B0423E",
              "versionEndExcluding": "1.9.0.2",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en la funci\u00f3n rb_str_buf_append de Ruby 1.8.4 y anteriores, 1.8.5 antes de 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230, 1.8.7 anterior a 1.8.7-p22 y 1.9.0 antes de 1.9.0-2 permite a atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio mediante vectores desconocidos que disparan una corrupci\u00f3n de memoria, un problema distinto a CVE-2008-2663, CVE-2008-2664 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de m\u00faltiples identificadores CVE relacionados con Ruby. Esta descripci\u00f3n CVE debe ser tomada como autorizado, aunque probablemente cambie."
    }
  ],
  "id": "CVE-2008-2662",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-24T19:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30831"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30867"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30875"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30894"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31181"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31256"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.429562"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1612"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1618"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ruby-forum.com/topic/157034"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/29903"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020347"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-621-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1907/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-2626"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.429562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ruby-forum.com/topic/157034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/29903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-621-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1907/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-2626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2662 (GCVE-0-2008-2662)

CERTA-2008-AVI-343

Description

Solution

CERTA-2008-AVI-342

Description

Solution

GSD-2008-2662

GHSA-6WWF-X53R-5QQQ

FKIE_CVE-2008-2662

Tags

Sightings

Nomenclature