CVE-2011-0188

🗓️ 23 Mar 2011 01:00:00Reported by appleType

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue.

Reporter	Title	Published	Views	Family All 93
Tenable Nessus	Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities	21 Mar 201100:00	–	nessus
Tenable Nessus	Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities	21 Mar 201100:00	–	nessus
Tenable Nessus	CentOS 4 : ruby (CESA-2011:0908)	15 Aug 201100:00	–	nessus
Tenable Nessus	CentOS 5 : ruby (CESA-2011:0909)	29 Jun 201300:00	–	nessus
Tenable Nessus	Debian DLA-235-1 : ruby1.9.1 security update	1 Jun 201500:00	–	nessus
Tenable Nessus	Debian DLA-88-1 : ruby1.8 security update	26 Mar 201500:00	–	nessus
Tenable Nessus	GLSA-201412-27 : Ruby: Denial of Service	15 Dec 201400:00	–	nessus
Tenable Nessus	Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities	22 Mar 201100:00	–	nessus
Tenable Nessus	Mac OS X Multiple Vulnerabilities (Security Update 2011-001)	22 Mar 201100:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : ruby (MDVSA-2011:097)	24 May 201100:00	–	nessus

NVD

Node

ruby-lang rubyRange≤1.9.2-p136

ruby-lang rubyMatch1.9

ruby-lang rubyMatch1.9r18423

ruby-lang rubyMatch1.9.0

ruby-lang rubyMatch1.9.0r18423

ruby-lang rubyMatch1.9.0-0

ruby-lang rubyMatch1.9.0-1

ruby-lang rubyMatch1.9.0-2

ruby-lang rubyMatch1.9.0-20060415

ruby-lang rubyMatch1.9.0-20070709

ruby-lang rubyMatch1.9.1

ruby-lang rubyMatch1.9.1-p0

ruby-lang rubyMatch1.9.1-p129

ruby-lang rubyMatch1.9.1-p243

ruby-lang rubyMatch1.9.1-p376

ruby-lang rubyMatch1.9.1-p429

ruby-lang rubyMatch1.9.1-preview_1

ruby-lang rubyMatch1.9.1-preview_2

ruby-lang rubyMatch1.9.1-rc1

ruby-lang rubyMatch1.9.1-rc2

ruby-lang rubyMatch1.9.2

ruby-lang rubyMatch1.9.2dev

AND

apple mac_os_xMatch10.5.8

apple mac_os_xMatch10.6.0

apple mac_os_xMatch10.6.1

apple mac_os_xMatch10.6.2

apple mac_os_xMatch10.6.3

apple mac_os_xMatch10.6.4

apple mac_os_xMatch10.6.5

apple mac_os_xMatch10.6.6

apple mac_os_x_serverMatch10.5.8

apple mac_os_x_serverMatch10.6.0

apple mac_os_x_serverMatch10.6.1

apple mac_os_x_serverMatch10.6.2

apple mac_os_x_serverMatch10.6.3

apple mac_os_x_serverMatch10.6.4

apple mac_os_x_serverMatch10.6.5

apple mac_os_x_serverMatch10.6.6

Source	Link
svn	www.svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
mandriva	www.mandriva.com/security/advisories
redhat	www.redhat.com/support/errata/RHSA-2011-0908.html
securitytracker	www.securitytracker.com/id
redhat	www.redhat.com/support/errata/RHSA-2011-0910.html
support	www.support.apple.com/kb/HT4581
lists	www.lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
mandriva	www.mandriva.com/security/advisories
redhat	www.redhat.com/support/errata/RHSA-2011-0909.html

29 Apr 2026 01:13Current

5.7Medium risk

Vulners AI Score5.7

CVSS 26.8

EPSS0.01937

CWE-189