Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2008-2725

Date: June 24, 2008

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Severity Score

Related Resources (46)

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
http://secunia.com/advisories/31062
http://secunia.com/advisories/31181
http://support.apple.com/kb/HT2163
http://www.securityfocus.com/archive/1/493688/100/0/threaded
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
http://secunia.com/advisories/30875
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://secunia.com/advisories/30831
http://secunia.com/advisories/31687
http://secunia.com/advisories/30894
http://www.securityfocus.com/bid/29903
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727
http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
http://www.vupen.com/english/advisories/2008/1981/references
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
https://people.canonical.com/~ubuntu-security/cve/CVE-2008-2725
https://issues.rpath.com/browse/RPL-2626
https://exchange.xforce.ibmcloud.com/vulnerabilities/43350
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
http://secunia.com/advisories/31090
http://secunia.com/advisories/33178
https://nvd.nist.gov/vuln/detail/CVE-2008-2725
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
http://www.vupen.com/english/advisories/2008/1907/references
http://secunia.com/advisories/31256
http://www.debian.org/security/2008/dsa-1612
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
http://www.ruby-forum.com/topic/157034
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
http://secunia.com/advisories/30867
http://www.ubuntu.com/usn/usn-621-1
http://secunia.com/advisories/30802
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606
http://www.debian.org/security/2008/dsa-1618
http://www.securitytracker.com/id?1020347
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
http://www.redhat.com/support/errata/RHSA-2008-0561.html
https://www.mend.io/vulnerability-database/CVE-2008-2725

Severity Score

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us