Unrated severity · NVD Advisory · Published Jun 24, 2008 · Updated Apr 23, 2026
CVE-2008-2663
Description
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/ [nvd] Patch, Vendor Advisory
- blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/ [nvd] Third Party Advisory
- lists.apple.com/archives/security-announce/2008//Jun/msg00002.html [nvd] Mailing List, Third Party Advisory
- lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html [nvd] Third Party Advisory
- secunia.com/advisories/30802 [nvd] Third Party Advisory
- secunia.com/advisories/30831 [nvd] Third Party Advisory
- secunia.com/advisories/30867 [nvd] Third Party Advisory
- secunia.com/advisories/30875 [nvd] Third Party Advisory
- secunia.com/advisories/30894 [nvd] Third Party Advisory
- secunia.com/advisories/31062 [nvd] Third Party Advisory
- secunia.com/advisories/31090 [nvd] Third Party Advisory
- secunia.com/advisories/31181 [nvd] Third Party Advisory
- secunia.com/advisories/31256 [nvd] Third Party Advisory
- secunia.com/advisories/31687 [nvd] Third Party Advisory
- secunia.com/advisories/33178 [nvd] Third Party Advisory
- security.gentoo.org/glsa/glsa-200812-17.xml [nvd] Third Party Advisory
- slackware.com/security/viewer.php [nvd] Mailing List, Third Party Advisory
- support.apple.com/kb/HT2163 [nvd] Third Party Advisory
- weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities [nvd] Third Party Advisory
- www.debian.org/security/2008/dsa-1612 [nvd] Third Party Advisory
- www.debian.org/security/2008/dsa-1618 [nvd] Third Party Advisory
- www.mandriva.com/security/advisories [nvd] Third Party Advisory
- www.mandriva.com/security/advisories [nvd] Third Party Advisory
- www.mandriva.com/security/advisories [nvd] Third Party Advisory
- www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/ [nvd] Third Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0561.html [nvd] Third Party Advisory
- www.ruby-forum.com/topic/157034 [nvd] Third Party Advisory
- www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html [nvd] Third Party Advisory
- www.securityfocus.com/archive/1/493688/100/0/threaded [nvd] Third Party Advisory, VDB Entry
- www.securityfocus.com/bid/29903 [nvd] Third Party Advisory, VDB Entry
- www.securitytracker.com/id [nvd] Third Party Advisory, VDB Entry
- www.ubuntu.com/usn/usn-621-1 [nvd] Third Party Advisory
- www.vupen.com/english/advisories/2008/1907/references [nvd] Third Party Advisory
- www.vupen.com/english/advisories/2008/1981/references [nvd] Third Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/43346 [nvd] Third Party Advisory, VDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524 [nvd] Third Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html [nvd] Third Party Advisory
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0206 [nvd] Broken Link
- www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html [nvd] Broken Link
- issues.rpath.com/browse/RPL-2626 [nvd] Broken Link