CVE-2011-0188

Description

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

References

Link	Tags
http://www.redhat.com/support/errata/RHSA-2011-0910.html	vendor advisory
http://www.securitytracker.com/id?1025236	vdb entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:098	vendor advisory
http://www.redhat.com/support/errata/RHSA-2011-0909.html	vendor advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html	patch vendor advisory
http://www.redhat.com/support/errata/RHSA-2011-0908.html	vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=682332	patch
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993	patch vendor advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:097	vendor advisory
http://support.apple.com/kb/HT4581	patch

Frequently Asked Questions

What is the severity of CVE-2011-0188?: CVE-2011-0188 has been scored as a medium severity vulnerability.
How to fix CVE-2011-0188?: To fix CVE-2011-0188, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2011-0188 being actively exploited in the wild?: It is possible that CVE-2011-0188 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-189 – Numeric Errors

References

Frequently Asked Questions