Description

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

Remediation

References

CVE-2011-0188

Related Vulnerabilities

qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19515)

Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2016-0736)

WordPress Plugin RSS Post Importer Unspecified Vulnerability (2.5.0)

Oracle Database Server CVE-2012-0520 Vulnerability (CVE-2012-0520)

WordPress Plugin Appointment Booking Calendar-BirchPress Scheduler Unspecified Vulnerability (1.13.0)

Severity

Medium

Classification

CVE-2011-0188

Tags

Missing Update Known Vulnerabilities