CVE-2008-2664

N/A Unknown
Published: June 24, 2008 Modified: April 23, 2026

Description

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

References to Advisories, Solutions, and Tools

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://secunia.com/advisories/30802
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/30831
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/30867
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/30875
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/30894
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/31062
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/31090
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/31181
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/31256
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/31687
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/33178
Source: cve@mitre.org
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-17.xml
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT2163
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2008/dsa-1612
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2008/dsa-1618
Source: cve@mitre.org
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0561.html
Source: cve@mitre.org
Third Party Advisory
http://www.ruby-forum.com/topic/157034
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/493688/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/29903
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020347
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-621-1
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1907/references
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1981/references
Source: cve@mitre.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43348
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-2626
Source: cve@mitre.org
Broken Link
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/30802
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/30831
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/30867
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/30875
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/30894
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/31062
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/31090
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/31181
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/31256
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/31687
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/33178
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-17.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://support.apple.com/kb/HT2163
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2008/dsa-1612
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2008/dsa-1618
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0561.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ruby-forum.com/topic/157034
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/493688/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/29903
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020347
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-621-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1907/references
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1981/references
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/43348
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-2626
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

80 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
6.3%
91st percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

debian canonical ruby-lang