CVE-2011-0188

2011-03-2200:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.6%

JSON

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby
1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other
platforms, does not properly allocate memory, which allows
context-dependent attackers to execute arbitrary code or cause a denial of
service (application crash) via vectors involving creation of a large
BigDecimal value within a 64-bit process, related to an “integer truncation
issue.”

Bugs

Notes

Author	Note
tyhicks	Test case in comment #1 of RH tracker

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchruby1.8< 1.8.7.249-2ubuntu0.1UNKNOWN
ubuntu10.10noarchruby1.8< 1.8.7.299-2ubuntu0.1UNKNOWN
ubuntu11.04noarchruby1.8< 1.8.7.302-2ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	ruby1.8	< 1.8.7.249-2ubuntu0.1	UNKNOWN
ubuntu	10.10	noarch	ruby1.8	< 1.8.7.299-2ubuntu0.1	UNKNOWN
ubuntu	11.04	noarch	ruby1.8	< 1.8.7.302-2ubuntu0.1	UNKNOWN