Description

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Remediation

References

CVE-2008-2726

Related Vulnerabilities

WordPress Plugin Feedweb Unspecified Vulnerability (3.0.7)

WordPress Plugin Ocean Extra Cross-Site Request Forgery (1.6.5)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8117)

Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-1999-0348)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-1042)

Severity

High

Classification

CVE-2008-2726

Tags

Missing Update Known Vulnerabilities