14 matches found
CVE-2008-2664
CVE-2008-2664 details: In Ruby, the rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context‑dependent attackers to trigger memory corruption via unspecified vectors related to alloca. This ...
CVE-2008-3656
The CVE-2008-3656 issue is a denial-of-service in WEBrick’s HTTP header handling: WEBrick::HTTPUtils.split_header_value in WEBrick::DefaultFileHandler backed by a backtracking regex causes CPU exhaustion when processing crafted HTTP requests. Affected Ruby versions include 1.8.5 and earlier, 1.8....
CVE-2008-3655
CVE-2008-3655 affects Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. It does not properly restrict access to critical variables and methods at various safe levels, allowing context‑dependent attackers to bypass access restrictions via (1) untrac...
CVE-2008-2662
CVE-2008-2662 is a Ruby vulnerability: multiple integer overflows in rb_str_buf_append() across Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2. These overflows allow context-dependent attackers to execute arbitrary code o...
CVE-2008-2726
CVE-2008-2726 is described in connected docs as an integer overflow in rb_ary_splice on Ruby 1.8.4 and earlier (and related 1.8.x lines) that allows context-dependent memory corruption. MiracleLinux AXSA-2008-86:01 explicitly includes CVE-2008-2726 among ruby issues and references the Real Alloc_...
CVE-2008-3905
CVE-2008-3905 is associated with Ruby’s DNS resolver (resolv.rb). The issue stems from predictable transaction IDs and a fixed source port when sending DNS requests, enabling remote attackers to spoof DNS replies. The connected advisories confirm that resolv.rb’s DNS request handling could be exp...
CVE-2008-3443
CVE-2008-3443 affects Ruby’s regex engine in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. The issue enables remote attackers to cause a denial of service (infinite loop and crash) by sending multiple long requests to a Ruby socket (notably Web...
CVE-2008-1891
The CVE-2008-1891 entry covers a directory traversal in WEBrick for Ruby (affecting Ruby 1.8.4 and earlier, 1.8.5 before p231, 1.8.6 before p230, 1.8.7 before p22, and 1.9.0 before 1.9.0‑2) when using NTFS/FAT filesystems. An attacker could read arbitrary CGI files by supplying a trailing charact...
CVE-2008-2725
CVE-2008-2725 is an integer overflow in Ruby’s rb_ary_splice (and related issues in rb_ary_splice) affecting Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22. The vulnerability can trigger memory corruption via unspecified vectors in context-dep...
CVE-2008-3790
CVE-2008-3790 details Affected software: Ruby (versions 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9). Vulnerable component: REXML module. Root cause/impact: XML entity explosion in XML documents enables context-dependent attackers to cause a denial of service (CPU consumption). Exp...
CVE-2008-2663
Ruby 1.8.4 and earlier (and 1.8.5-p231, 1.8.6-p230, 1.8.7-p22) are affected by an integer overflow in rb_ary_store that can enable context-dependent arbitrary code execution or a denial of service (CVE-2008-2663). The MiracleLinux, Oracle Linux, and Red Hat advisories in the connected documents r...
CVE-2008-2376
CVE-2008-2376 is an integer overflow in Ruby’s rb_ary_fill (array.c) that affects Ruby before revision 17756, allowing context-dependent attackers to cause a crash or potentially other impact via Array#fill when start (beg) > ARY_MAX_SIZE. The issue arises from an incomplete fix for related ov...
CVE-2008-3657
CVE-2008-3657 is a confirmed issue in the Ruby DL module where inputs are not tainted, allowing context-dependent attackers to bypass safe levels and call dangerous functions via DL.dlopen. Affected are Ruby 1.8.5 and older, 1.8.6 up to -p286, 1.8.7 up to -p71, and 1.9 up to r18423. Connected adv...
CVE-2008-4310
CVE-2008-4310 is a WEBrick Denial of Service issue: httputils.rb in WEBrick used by Ruby 1.8.1 and 1.8.5 (as deployed in RHEL 4/5) can be triggered by a crafted HTTP request, causing CPU exhaustion. The note indicates it stems from an incomplete fix for CVE-2008-3656. Connected advisories show ve...