CVE-2008-3657

CVSS v2.0 7.5 (High)
EPSS 5.36% (93rd)
Affected Products 1
Advisories 5

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

Weaknesses: CWE-20 (Improper Input Validation)
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2008-08-13 01:41:00 (16 years ago)
Updated Date: 2018-10-11 20:49:03 (6 years ago)

Affected Products

Configuration #1

  Product                                  CPE23                                    From  Up To
  Ruby-lang Ruby 1.8.5 and prior versions  cpe:2.3:a:ruby-lang:ruby                       <= 1.8.5
  Ruby-lang Ruby 1.6.8                     cpe:2.3:a:ruby-lang:ruby:1.6.8
  Ruby-lang Ruby 1.8.0                     cpe:2.3:a:ruby-lang:ruby:1.8.0
  Ruby-lang Ruby 1.8.1                     cpe:2.3:a:ruby-lang:ruby:1.8.1
  Ruby-lang Ruby 1.8.1 -9                  cpe:2.3:a:ruby-lang:ruby:1.8.1:-9
  Ruby-lang Ruby 1.8.2                     cpe:2.3:a:ruby-lang:ruby:1.8.2
  Ruby-lang Ruby 1.8.2 Preview2            cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2
  Ruby-lang Ruby 1.8.2 Preview3            cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3
  Ruby-lang Ruby 1.8.2 Preview4            cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4
  Ruby-lang Ruby 1.8.3                     cpe:2.3:a:ruby-lang:ruby:1.8.3
  Ruby-lang Ruby 1.8.3 Preview1            cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1
  Ruby-lang Ruby 1.8.3 Preview2            cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2
  Ruby-lang Ruby 1.8.3 Preview3            cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3
  Ruby-lang Ruby 1.8.4                     cpe:2.3:a:ruby-lang:ruby:1.8.4
  Ruby-lang Ruby 1.8.4 Preview1            cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1
  Ruby-lang Ruby 1.8.4 Preview2            cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2
  Ruby-lang Ruby 1.8.4 Preview3            cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3
  Ruby-lang Ruby 1.8.5 P11                 cpe:2.3:a:ruby-lang:ruby:1.8.5:p11
  Ruby-lang Ruby 1.8.5 P113                cpe:2.3:a:ruby-lang:ruby:1.8.5:p113
  Ruby-lang Ruby 1.8.5 P115                cpe:2.3:a:ruby-lang:ruby:1.8.5:p115
  Ruby-lang Ruby 1.8.5 P12                 cpe:2.3:a:ruby-lang:ruby:1.8.5:p12
  Ruby-lang Ruby 1.8.5 P2                  cpe:2.3:a:ruby-lang:ruby:1.8.5:p2
  Ruby-lang Ruby 1.8.5 P35                 cpe:2.3:a:ruby-lang:ruby:1.8.5:p35
  Ruby-lang Ruby 1.8.5 Preview1            cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1
  Ruby-lang Ruby 1.8.5 Preview2            cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2
  Ruby-lang Ruby 1.8.5 Preview3            cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3
  Ruby-lang Ruby 1.8.5 Preview4            cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4
  Ruby-lang Ruby 1.8.5 Preview5            cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5
  Ruby-lang Ruby 1.8.6                     cpe:2.3:a:ruby-lang:ruby:1.8.6
  Ruby-lang Ruby 1.8.6 P110                cpe:2.3:a:ruby-lang:ruby:1.8.6:p110
  Ruby-lang Ruby 1.8.6 P114                cpe:2.3:a:ruby-lang:ruby:1.8.6:p114
  Ruby-lang Ruby 1.8.6 Preview1            cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1
  Ruby-lang Ruby 1.8.6 Preview2            cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2
  Ruby-lang Ruby 1.8.6 Preview3            cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3
  Ruby-lang Ruby 1.8.7                     cpe:2.3:a:ruby-lang:ruby:1.8.7
  Ruby-lang Ruby 1.8.7 P17                 cpe:2.3:a:ruby-lang:ruby:1.8.7:p17
  Ruby-lang Ruby 1.8.7 P22                 cpe:2.3:a:ruby-lang:ruby:1.8.7:p22
  Ruby-lang Ruby 1.8.7 P71                 cpe:2.3:a:ruby-lang:ruby:1.8.7:p71
  Ruby-lang Ruby 1.8.7 Preview1            cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1
  Ruby-lang Ruby 1.8.7 Preview2            cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2
  Ruby-lang Ruby 1.8.7 Preview3            cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3
  Ruby-lang Ruby 1.8.7 Preview4            cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4
  Ruby-lang Ruby 1.9.0                     cpe:2.3:a:ruby-lang:ruby:1.9.0