CVE-2011-0188

CVSS v2.0 6.8 (Medium)
EPSS 2.85% (91st)
Affected Products 3
Advisories 5

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

Weaknesses: CWE-189 (Numeric Errors)
CVE Status: PUBLISHED
CNA: Apple Inc.
Published Date: 2011-03-23 02:00:06 (13 years ago)
Updated Date: 2011-08-24 03:15:07 (13 years ago)

Affected Products

Configuration #1

AND
    CPE23 From Up To
OR  
  Ruby-lang Ruby 1.9.2-p136 and prior versions cpe:2.3:a:ruby-lang:ruby <= 1.9.2-p136
OR  
  Running on/with
  Ruby-lang Ruby 1.9 cpe:2.3:a:ruby-lang:ruby:1.9
OR  
  Running on/with
  Ruby-lang Ruby 1.9 R18423 cpe:2.3:a:ruby-lang:ruby:1.9:r18423
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0 cpe:2.3:a:ruby-lang:ruby:1.9.0
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0 R18423 cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0-0 cpe:2.3:a:ruby-lang:ruby:1.9.0-0
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0-1 cpe:2.3:a:ruby-lang:ruby:1.9.0-1
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0-2 cpe:2.3:a:ruby-lang:ruby:1.9.0-2
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0-20060415 cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0-20070709 cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 cpe:2.3:a:ruby-lang:ruby:1.9.1
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -p0 cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -p129 cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -p243 cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -p376 cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -p429 cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -preview 1 cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -preview 2 cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -rc1 cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1
OR  
  Running on/with
  Ruby-lang Ruby 1.9.1 -rc2 cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2
OR  
  Running on/with
  Ruby-lang Ruby 1.9.2 cpe:2.3:a:ruby-lang:ruby:1.9.2
OR  
  Running on/with
  Ruby-lang Ruby 1.9.2 Dev cpe:2.3:a:ruby-lang:ruby:1.9.2:dev
OR  
  Running on/with
  Apple Mac Os X 10.5.8 cpe:2.3:o:apple:mac_os_x:10.5.8
OR  
  Running on/with
  Apple Mac Os X 10.6.0 cpe:2.3:o:apple:mac_os_x:10.6.0
OR  
  Running on/with
  Apple Mac Os X 10.6.1 cpe:2.3:o:apple:mac_os_x:10.6.1
OR  
  Running on/with
  Apple Mac Os X 10.6.2 cpe:2.3:o:apple:mac_os_x:10.6.2
OR  
  Running on/with
  Apple Mac Os X 10.6.3 cpe:2.3:o:apple:mac_os_x:10.6.3
OR  
  Running on/with
  Apple Mac Os X 10.6.4 cpe:2.3:o:apple:mac_os_x:10.6.4
OR  
  Running on/with
  Apple Mac Os X 10.6.5 cpe:2.3:o:apple:mac_os_x:10.6.5
OR  
  Running on/with
  Apple Mac Os X 10.6.6 cpe:2.3:o:apple:mac_os_x:10.6.6
OR  
  Running on/with
  Apple Mac Os X Server 10.5.8 cpe:2.3:o:apple:mac_os_x_server:10.5.8
OR  
  Running on/with
  Apple Mac Os X Server 10.6.0 cpe:2.3:o:apple:mac_os_x_server:10.6.0
OR  
  Running on/with
  Apple Mac Os X Server 10.6.1 cpe:2.3:o:apple:mac_os_x_server:10.6.1
OR  
  Running on/with
  Apple Mac Os X Server 10.6.2 cpe:2.3:o:apple:mac_os_x_server:10.6.2
OR  
  Running on/with
  Apple Mac Os X Server 10.6.3 cpe:2.3:o:apple:mac_os_x_server:10.6.3
OR  
  Running on/with
  Apple Mac Os X Server 10.6.4 cpe:2.3:o:apple:mac_os_x_server:10.6.4
OR  
  Running on/with
  Apple Mac Os X Server 10.6.5 cpe:2.3:o:apple:mac_os_x_server:10.6.5
OR  
  Running on/with
  Apple Mac Os X Server 10.6.6 cpe:2.3:o:apple:mac_os_x_server:10.6.6