Is CVE-2008-2663 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 4%.

What products does CVE-2008-2663 affect?

Tracked products affected include Ruby, Ubuntu. Check the version you run to see whether it is affected.

How do I fix CVE-2008-2663?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2008-2663

Q: What is CVE-2008-2663?

CVE-2008-2663 is a high-severity software vulnerability (Integer overflow) with a CVSS score of 10. Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of

HIGH severity · CVSS 10 · Integer overflow

10CVSS HIGH

Summary

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)4%

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products we track (2)

Ruby Ubuntu

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

CVE-2008-2663

Summary

Impact & exploitability

Affected products we track (2)

Recommendation

Additional information