VYPR
Unrated severity · NVD Advisory · Published Jun 24, 2008 · Updated Jun 16, 2026

CVE-2008-2664

Description

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Affected products

7
  • cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
    Range: <=1.8.4
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • Range: <=1.8.4, 1.8.5<1.8.5-p231, 1.8.6<1.8.6-p230, 1.8.7<1.8.7-p22, 1.9.0<1.9.0-2
