CVE-2011-0188

2011-03-2302:00:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2011-0188

vpmemalloc

bigdecimal

ruby

memory allocation

mac os x

integer truncation issue

nvd

6 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.6%

JSON

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an “integer truncation issue.”

CPENameOperatorVersion
ruby-lang:rubyruby-lang rubyle1.9.2-p136
ruby-lang:rubyruby-lang rubyeq1.9
ruby-lang:rubyruby-lang rubyeq1.9.0
ruby-lang:rubyruby-lang rubyeq1.9.0-0
ruby-lang:rubyruby-lang rubyeq1.9.0-1
ruby-lang:rubyruby-lang rubyeq1.9.0-2
ruby-lang:rubyruby-lang rubyeq1.9.0-20060415
ruby-lang:rubyruby-lang rubyeq1.9.0-20070709
ruby-lang:rubyruby-lang rubyeq1.9.1
ruby-lang:rubyruby-lang rubyeq1.9.2

CPE	Name	Operator	Version
ruby-lang:ruby	ruby-lang ruby	le	1.9.2-p136
ruby-lang:ruby	ruby-lang ruby	eq	1.9
ruby-lang:ruby	ruby-lang ruby	eq	1.9.0
ruby-lang:ruby	ruby-lang ruby	eq	1.9.0-0
ruby-lang:ruby	ruby-lang ruby	eq	1.9.0-1
ruby-lang:ruby	ruby-lang ruby	eq	1.9.0-2
ruby-lang:ruby	ruby-lang ruby	eq	1.9.0-20060415
ruby-lang:ruby	ruby-lang ruby	eq	1.9.0-20070709
ruby-lang:ruby	ruby-lang ruby	eq	1.9.1
ruby-lang:ruby	ruby-lang ruby	eq	1.9.2