CVE-2008-2376

CVSS v2.0 7.5 (High)
EPSS 2.05 % (89th)
Affected Products 2
Advisories 5

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.

Weaknesses: CWE-189 Numeric Errors
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-07-09 00:41:00 (16 years ago)
Updated Date: 2023-11-07 02:02:12 (10 months ago)

Affected Products


Configuration #1

AND
    CPE23 From Up To
OR  
  Redhat Fedora 8 1.8.6.230 cpe:2.3:o:redhat:fedora_8:1.8.6.230
OR  
  Running on/with
  Ruby-lang Ruby 1.8.6.230 cpe:2.3:a:ruby-lang:ruby:1.8.6.230