CVE-2008-2663

Severity CVSS v4.0:

Pending analysis

Type:

CWE-190 Integer Overflow or Wraparound

Publication date:

24/06/2008

Last modified:

09/04/2025

Description

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 10.00 HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

10.00

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:ruby-lang:ruby::::::::		1.8.4 (including)
cpe:2.3:a:ruby-lang:ruby::::::::	1.8.5 (excluding)	1.8.5.231 (excluding)
cpe:2.3:a:ruby-lang:ruby::::::::	1.8.6 (including)	1.8.6.230 (excluding)
cpe:2.3:a:ruby-lang:ruby::::::::	1.8.7 (including)	1.8.7.22 (excluding)
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::

To consult the complete list of CPE names with products and versions, see this page

CVE-2008-2663

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools