Drew Yao of the Apple Product Security team reported an integer overflow leading to a memory mis-allocation and heap overflow in the rb_ary_splice() function used by the Ruby interpreter for handling arrays. For details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2725

Ruby 1.6.x does not have rb_ary_splice(), but the same vulnerable code exists in the rb_ary_replace() function. This issue is a Ruby 1.6.x equivalent of CVE-2008-2725.
Drew Yao's patch for rb_ary_splice(): https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2725#c1
Public now, lifting embargo: http://preview.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities

Patches applied upstream (rb_ary_splice variant):
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17472
Based on the analysis noted in https://bugzilla.redhat.com/show_bug.cgi?id=451821#c12, it was decided to reject this CVE id and use only CVE-2008-2725 to cover this issue in all Ruby versions.

*** This bug has been marked as a duplicate of 451821 ***