CVE-2008-2376

Published: 08 July 2008

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.

Priority

Low

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian 		Upstream
Released (1.8.7.72-1)
Patches:
Debdiff: http://launchpad.net/bugs/246818
ruby1.9
Launchpad, Ubuntu, Debian 		Upstream
Released (1.9.0.2-7)

Notes

AuthorNote
jdstrand 
from oss-security, need to make sure that the following patches:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13397
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17688
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756
believed to not be as severe due to input code path

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading