Lucene search
K

14 matches found

CVE
CVE
added 2008/06/24 7:0 p.m.111 views

CVE-2008-2664

CVE-2008-2664 details: In Ruby, the rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context‑dependent attackers to trigger memory corruption via unspecified vectors related to alloca. This ...

7.8CVSS6.8AI score0.0428EPSS
CVE
CVE
added 2008/08/13 1:0 a.m.99 views

CVE-2008-3656

The CVE-2008-3656 issue is a denial-of-service in WEBrick’s HTTP header handling: WEBrick::HTTPUtils.split_header_value in WEBrick::DefaultFileHandler backed by a backtracking regex causes CPU exhaustion when processing crafted HTTP requests. Affected Ruby versions include 1.8.5 and earlier, 1.8....

7.8CVSS6.5AI score0.70202EPSS
Web
CVE
CVE
added 2008/08/13 1:0 a.m.98 views

CVE-2008-3655

CVE-2008-3655 affects Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. It does not properly restrict access to critical variables and methods at various safe levels, allowing context‑dependent attackers to bypass access restrictions via (1) untrac...

7.5CVSS6.8AI score0.14085EPSS
CVE
CVE
added 2008/06/24 7:0 p.m.92 views

CVE-2008-2662

CVE-2008-2662 is a Ruby vulnerability: multiple integer overflows in rb_str_buf_append() across Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2. These overflows allow context-dependent attackers to execute arbitrary code o...

10CVSS7.2AI score0.04264EPSS
CVE
CVE
added 2008/06/24 7:0 p.m.92 views

CVE-2008-2726

CVE-2008-2726 is described in connected docs as an integer overflow in rb_ary_splice on Ruby 1.8.4 and earlier (and related 1.8.x lines) that allows context-dependent memory corruption. MiracleLinux AXSA-2008-86:01 explicitly includes CVE-2008-2726 among ruby issues and references the Real Alloc_...

7.8CVSS6.7AI score0.03759EPSS
CVE
CVE
added 2008/09/04 5:0 p.m.91 views

CVE-2008-3905

CVE-2008-3905 is associated with Ruby’s DNS resolver (resolv.rb). The issue stems from predictable transaction IDs and a fixed source port when sending DNS requests, enabling remote attackers to spoof DNS replies. The connected advisories confirm that resolv.rb’s DNS request handling could be exp...

5.8CVSS6.6AI score0.02415EPSS
CVE
CVE
added 2008/08/14 11:0 p.m.86 views

CVE-2008-3443

CVE-2008-3443 affects Ruby’s regex engine in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. The issue enables remote attackers to cause a denial of service (infinite loop and crash) by sending multiple long requests to a Ruby socket (notably Web...

5CVSS6.5AI score0.15678EPSS
CVE
CVE
added 2008/04/18 10:0 p.m.85 views

CVE-2008-1891

The CVE-2008-1891 entry covers a directory traversal in WEBrick for Ruby (affecting Ruby 1.8.4 and earlier, 1.8.5 before p231, 1.8.6 before p230, 1.8.7 before p22, and 1.9.0 before 1.9.0‑2) when using NTFS/FAT filesystems. An attacker could read arbitrary CGI files by supplying a trailing charact...

5CVSS6.5AI score0.02813EPSS
CVE
CVE
added 2008/06/24 7:0 p.m.83 views

CVE-2008-2725

CVE-2008-2725 is an integer overflow in Ruby’s rb_ary_splice (and related issues in rb_ary_splice) affecting Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22. The vulnerability can trigger memory corruption via unspecified vectors in context-dep...

7.8CVSS7AI score0.037EPSS
CVE
CVE
added 2008/08/27 8:0 p.m.83 views

CVE-2008-3790

CVE-2008-3790 details Affected software: Ruby (versions 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9). Vulnerable component: REXML module. Root cause/impact: XML entity explosion in XML documents enables context-dependent attackers to cause a denial of service (CPU consumption). Exp...

5CVSS6.5AI score0.15197EPSS
CVE
CVE
added 2008/06/24 7:0 p.m.79 views

CVE-2008-2663

Ruby 1.8.4 and earlier (and 1.8.5-p231, 1.8.6-p230, 1.8.7-p22) are affected by an integer overflow in rb_ary_store that can enable context-dependent arbitrary code execution or a denial of service (CVE-2008-2663). The MiracleLinux, Oracle Linux, and Red Hat advisories in the connected documents r...

10CVSS7.2AI score0.04456EPSS
CVE
CVE
added 2008/07/09 12:0 a.m.76 views

CVE-2008-2376

CVE-2008-2376 is an integer overflow in Ruby’s rb_ary_fill (array.c) that affects Ruby before revision 17756, allowing context-dependent attackers to cause a crash or potentially other impact via Array#fill when start (beg) > ARY_MAX_SIZE. The issue arises from an incomplete fix for related ov...

7.5CVSS7.3AI score0.03601EPSS
CVE
CVE
added 2008/08/13 1:0 a.m.75 views

CVE-2008-3657

CVE-2008-3657 is a confirmed issue in the Ruby DL module where inputs are not tainted, allowing context-dependent attackers to bypass safe levels and call dangerous functions via DL.dlopen. Affected are Ruby 1.8.5 and older, 1.8.6 up to -p286, 1.8.7 up to -p71, and 1.9 up to r18423. Connected adv...

7.5CVSS6.7AI score0.13666EPSS
CVE
CVE
added 2008/12/09 12:0 a.m.66 views

CVE-2008-4310

CVE-2008-4310 is a WEBrick Denial of Service issue: httputils.rb in WEBrick used by Ruby 1.8.1 and 1.8.5 (as deployed in RHEL 4/5) can be triggered by a crafted HTTP request, causing CPU exhaustion. The note indicates it stems from an incomplete fix for CVE-2008-3656. Connected advisories show ve...

7.8CVSS6.3AI score0.13553EPSS