CVE-2022-28738

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.45 % (76^th)

Affected Products 1

Advisories 16

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

Weaknesses

CWE-415: Double Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2022-05-09 18:15:08
(2 years ago)
Updated Date: 2024-01-24 05:15:12
(7 months ago)

Affected Products

Ruby-lang

Ruby

Configuration #1

		CPE23	From	Up To
	Ruby-lang Ruby from 3.0.0 version and prior 3.0.4 version	cpe:2.3:a:ruby-lang:ruby	>= 3.0.0	< 3.0.4
	Ruby-lang Ruby from 3.1.0 version and prior 3.1.2 version	cpe:2.3:a:ruby-lang:ruby	>= 3.1.0	< 3.1.2