class Dawn::Kb::CVE_2011_0188
Public Class Methods
new()
Calls superclass method
Dawn::Kb::ComboCheck::new
# File lib/dawn/kb/cve_2011_0188.rb, line 47
#
# Registers the knowledge-base entry for CVE-2011-0188, the BigDecimal
# integer-truncation flaw in the Ruby interpreter. The entry is a combo
# check: its metadata and two sub-checks are handed to the superclass
# constructor (Dawn::Kb::ComboCheck).
#
# NOTE(review): how ComboCheck combines the sub-checks (all must fire vs.
# any one) is not visible in this file; confirm before relying on the result.
def initialize
  # Advisory wording shown to the user when the check fires.
  advisory_text = "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\""

  # The two halves of the combo check; both classes are defined elsewhere.
  sub_checks = [CVE_2011_0188_a.new, CVE_2011_0188_b.new]

  # The flaw is in the interpreter, not in a framework, so the entry is
  # listed for every supported framework.
  frameworks = ["sinatra", "padrino", "rails"]

  # NOTE(review): the mitigation text does not name a fixed interpreter
  # release. The advisory text above only says 1.9.2-p136 and earlier are
  # affected; consider naming the first fixed version once it is confirmed.
  super({
    :name         => "CVE-2011-0188",
    :cvss         => "AV:N/AC:M/Au:N/C:P/I:P/A:P", # CVSS v2 vector string
    :release_date => Date.new(2011, 3, 23),
    :cwe          => "189",
    :owasp        => "A9",
    :applies      => frameworks,
    :kind         => Dawn::KnowledgeBase::COMBO_CHECK,
    :message      => advisory_text,
    :mitigation   => "Please upgrade your ruby interpreter",
    :aux_links    => ["https://bugzilla.redhat.com/show_bug.cgi?id=682332"],
    :checks       => sub_checks
  })
end