CVE-2008-2663

CVSS v2.0 10 (High)
EPSS 0.94% (83rd)
Affected Products 3
Advisories 10

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Weaknesses
CWE-190
Integer Overflow or Wraparound
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2008-06-24 19:41:00
(16 years ago)
Updated Date
2018-11-01 15:06:25
(5 years ago)

Affected Products


Configuration #1

    Product | CPE23 | From | Up To
    Ruby-lang Ruby 1.8.4 and prior versions | cpe:2.3:a:ruby-lang:ruby | - | <= 1.8.4
    Ruby-lang Ruby versions after 1.8.5 and before 1.8.5.231 | cpe:2.3:a:ruby-lang:ruby | > 1.8.5 | < 1.8.5.231
    Ruby-lang Ruby versions from 1.8.6 and before 1.8.6.230 | cpe:2.3:a:ruby-lang:ruby | >= 1.8.6 | < 1.8.6.230
    Ruby-lang Ruby versions from 1.8.7 and before 1.8.7.22 | cpe:2.3:a:ruby-lang:ruby | >= 1.8.7 | < 1.8.7.22

Configuration #2

    Product | CPE23 | From | Up To
    Debian Linux 4.0 | cpe:2.3:o:debian:debian_linux:4.0 | - | -

Configuration #3

    Product | CPE23 | From | Up To
    Canonical Ubuntu Linux 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts | - | -
    Canonical Ubuntu Linux 7.04 | cpe:2.3:o:canonical:ubuntu_linux:7.04 | - | -
    Canonical Ubuntu Linux 7.10 | cpe:2.3:o:canonical:ubuntu_linux:7.10 | - | -
    Canonical Ubuntu Linux 8.04 | cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts | - | -