Unrated severity · NVD Advisory · Published Jul 9, 2008 · Updated Apr 23, 2026
CVE-2008-2376
Description
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
Affected products (1)
Patches (0)
No patches discovered yet.
References (28)
- secunia.com/advisories/30927 (nvd, Vendor Advisory)
- www.us-cert.gov/cas/techalerts/TA08-260A.html (nvd, US Government Resource)
- lists.apple.com/archives/security-announce//2008/Sep/msg00005.html (nvd)
- secunia.com/advisories/31006 (nvd)
- secunia.com/advisories/31062 (nvd)
- secunia.com/advisories/31090 (nvd)
- secunia.com/advisories/31181 (nvd)
- secunia.com/advisories/31256 (nvd)
- secunia.com/advisories/32219 (nvd)
- secunia.com/advisories/33178 (nvd)
- security.gentoo.org/glsa/glsa-200812-17.xml (nvd)
- svn.ruby-lang.org/cgi-bin/viewvc.cgi (nvd)
- wiki.rpath.com/Advisories:rPSA-2008-0218 (nvd)
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0218 (nvd)
- www.debian.org/security/2008/dsa-1612 (nvd)
- www.debian.org/security/2008/dsa-1618 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openwall.com/lists/oss-security/2008/07/02/3 (nvd)
- www.redhat.com/support/errata/RHSA-2008-0561.html (nvd)
- www.securityfocus.com/archive/1/494104/100/0/threaded (nvd)
- www.vupen.com/english/advisories/2008/2584 (nvd)
- issues.rpath.com/browse/RPL-2639 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863 (nvd)
- usn.ubuntu.com/651-1/ (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html (nvd)