CVE-2008-2664

CVSS v2.0 7.8 (High)
EPSS 0.44 % (75th)
Affected Products 3
Advisories 10

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Weaknesses
CWE-399
Resource Management Errors
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2008-06-24 19:41:00
(16 years ago)
Updated Date
2018-11-01 15:06:04
(5 years ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Ruby-lang Ruby 1.8.4 and prior versions | cpe:2.3:a:ruby-lang:ruby | | <= 1.8.4
  Ruby-lang Ruby above 1.8.5 version and prior 1.8.5.231 version | cpe:2.3:a:ruby-lang:ruby | > 1.8.5 | < 1.8.5.231
  Ruby-lang Ruby from 1.8.6 version and prior 1.8.6.230 version | cpe:2.3:a:ruby-lang:ruby | >= 1.8.6 | < 1.8.6.230
  Ruby-lang Ruby from 1.8.7 version and prior 1.8.7.22 version | cpe:2.3:a:ruby-lang:ruby | >= 1.8.7 | < 1.8.7.22
  Ruby-lang Ruby from 1.9.0 version and prior 1.9.0.2 version | cpe:2.3:a:ruby-lang:ruby | >= 1.9.0 | < 1.9.0.2

Configuration #2

  Product | CPE23 | From | Up To
  Debian Linux 4.0 | cpe:2.3:o:debian:debian_linux:4.0 | |

Configuration #3

  Product | CPE23 | From | Up To
  Canonical Ubuntu Linux 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts | |
  Canonical Ubuntu Linux 7.04 | cpe:2.3:o:canonical:ubuntu_linux:7.04 | |
  Canonical Ubuntu Linux 7.10 | cpe:2.3:o:canonical:ubuntu_linux:7.10 | |
  Canonical Ubuntu Linux 8.04 | cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts | |