← back
CVE-2008-2376

CVE-2008-2376

EPSS 3.6%
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://secunia.com/advisories/30927http://secunia.com/advisories/31006http://secunia.com/advisories/31062http://secunia.com/advisories/31090http://secunia.com/advisories/31181http://secunia.com/advisories/31256http://secunia.com/advisories/32219http://secunia.com/advisories/33178http://security.gentoo.org/glsa/glsa-200812-17.xmlhttps://issues.rpath.com/browse/RPL-2639https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863