CVE-2008-2664

General

Score: 7.8/10.0
Severity: High
Category: Resource Management Error

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-3385, CVE-2007-5333, CVE-2007-5461, CVE-2007-6276, CVE-2008-0960, CVE-2008-1105, CVE-2008-1145, CVE-2008-1891, CVE-2008-2307, CVE-2008-2308, CVE-2008-2309, CVE-2008-2310, CVE-2008-2311, CVE-2008-2313, CVE-2008-2314, CVE-2008-2376, CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728

Published on 24/06/08 - Updated on 29/09/17

Description

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Category: Resource Management Error

CWE-399 (Resource Management Errors)
Weaknesses in this category are related to improper management of system resources.

Security Notices

US National Vulnerability Database CVE-2008-2664
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-342, CERTA-2008-AVI-343
CentOS CESA-2008:0561
Red Hat RHSA-2008:0561
Renater 2008/VULN240, 2008/VULN260

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: ruby-lang
Product: ruby
