Description
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
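The "integer truncation" class of allocation bug named in the description, as an added C illustration of the flawed size computation beside a checked one; this is not Ruby's bigdecimal.c code and not part of the advisory. The names `numbuf`, `flawed_alloc_bytes`, `safe_alloc_bytes`, `numbuf_new` and the `MAX_DIGITS` cap are hypothetical, and a 64-bit build is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DIGITS (1u << 20)   /* assumed policy cap, not a Ruby constant */

typedef struct { size_t capacity; uint32_t *digits; } numbuf;  /* constructed model */

/* Flawed pattern: the byte count is squeezed through a 32-bit variable,
 * so the value handed to malloc() can be far smaller than the caller expects. */
size_t flawed_alloc_bytes(uint64_t ndigits)
{
    uint32_t bytes = (uint32_t)(ndigits * sizeof(uint32_t));  /* high bits dropped */
    return bytes;
}

/* Corrected pattern: stay in size_t and reject products that do not fit. */
int safe_alloc_bytes(uint64_t ndigits, size_t *out)
{
    if (ndigits > SIZE_MAX / sizeof(uint32_t))
        return -1;
    *out = (size_t)ndigits * sizeof(uint32_t);
    return 0;
}

/* Allocation wrapper that records the capacity it really obtained. */
numbuf *numbuf_new(uint64_t ndigits)
{
    size_t bytes;
    if (ndigits == 0 || ndigits > MAX_DIGITS || safe_alloc_bytes(ndigits, &bytes) != 0)
        return NULL;
    numbuf *b = malloc(sizeof *b);
    if (b == NULL)
        return NULL;
    b->digits = calloc(1, bytes);
    if (b->digits == NULL) { free(b); return NULL; }
    b->capacity = (size_t)ndigits;
    return b;
}

int main(void)
{
    uint64_t n = 0x40000001ULL;   /* constructed request: 2^30 + 1 digits */
    size_t ok = 0;
    printf("flawed: %zu bytes\n", flawed_alloc_bytes(n));
    if (safe_alloc_bytes(n, &ok) == 0)
        printf("safe:   %zu bytes\n", ok);
    printf("capped: %s\n", numbuf_new(n) ? "allocated" : "refused");
    return 0;
}
```

With the constructed request, the truncated computation asks for 4 bytes where the caller believes it holds room for more than a billion digits, which is the mismatch a size check at allocation time is meant to catch.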
Remediation
References