CRITICAL✓ PATCH🇬🇧 English

CVE-2022-28738

CVSS 9.8v3.1pub. 2022-05-09upd. 2024-11-21

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ruby Lang Ruby

    APP
    Ruby-Lang
    3.0.0 – 3.0.4 (bez)3.1.0 – 3.1.2 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2016-2338CRITICAL9.8ten sam produkt

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Ps...

CVE-2021-41816CRITICAL9.8ten sam produkt

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflo...

CVE-2011-4121CRITICAL9.8ten sam produkt

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an expon...

CVE-2018-16395CRITICAL9.8ten sam produkt

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, a...

CVE-2018-8780CRITICAL9.1ten sam produkt

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir...