VYPR
Unrated severityNVD Advisory· Published Jun 24, 2008· Updated Jun 16, 2026

CVE-2008-2726

CVE-2008-2726

Description

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
    Range: <=1.8.4
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • Range: <=1.8.4, <1.8.5-p231, <1.8.6-p230, <1.8.7-p22, <1.9.0-2

Patches

Vulnerability mechanics

References

43

News mentions

0

No linked articles in our index yet.