CVE-2008-2376

NONECVSS 0.0

0.0

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.

🔗 References (56)

secalert@redhathttp://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
secalert@redhathttp://secunia.com/advisories/30927
secalert@redhathttp://secunia.com/advisories/31006
secalert@redhathttp://secunia.com/advisories/31062
secalert@redhathttp://secunia.com/advisories/31090
secalert@redhathttp://secunia.com/advisories/31181
secalert@redhathttp://secunia.com/advisories/31256
secalert@redhathttp://secunia.com/advisories/32219
secalert@redhathttp://secunia.com/advisories/33178
secalert@redhathttp://security.gentoo.org/glsa/glsa-200812-17.xml
secalert@redhathttp://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756
secalert@redhathttp://wiki.rpath.com/Advisories:rPSA-2008-0218
secalert@redhathttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218
secalert@redhathttp://www.debian.org/security/2008/dsa-1612
secalert@redhathttp://www.debian.org/security/2008/dsa-1618

Is Your Infrastructure Affected by CVE-2008-2376?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-2376

📅 Published

🔄 Last Modified

🔗 References (56)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-2376?