CVE-2008-2376

NameCVE-2008-2376
DescriptionInteger overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1612-1, DSA-1618-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby1.8sourceetch1.8.5-4etch2DSA-1612-1
ruby1.8source(unstable)1.8.7.22-2
ruby1.9sourceetch1.9.0+20060609-1etch2DSA-1618-1
ruby1.9source(unstable)1.9.0.2-2

Notes

https://www.openwall.com/lists/oss-security/2008/07/02/3
Search for package or bug name: Reporting problems