CVE-2023-28755

CVSS v3.1 5.3 (Medium)

EPSS 0.35 % (72^th)

Affected Products 3

Advisories 35

NVD Status Modified

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

Weaknesses

CWE-1333: Inefficient Regular Expression Complexity

Related CVEs

CVE-2023-36617

CVE Status: PUBLISHED
NVD Status: Modified
CNA: MITRE
Published Date: 2023-03-31 04:15:09
(17 months ago)
Updated Date: 2024-05-04 03:15:06
(4 months ago)

Affected Products

Debian

Debian Linux

Fedoraproject

Fedora

Ruby-lang

Configuration #1

	CPE23	Up To
Ruby-lang Uri for Ruby 0.10.0 and prior versions	cpe:2.3:a:ruby-lang:uri::::::ruby	<= 0.10.0
Ruby-lang Uri 0.10.1 for Ruby	cpe:2.3:a:ruby-lang:uri:0.10.1:::::ruby
Ruby-lang Uri 0.11.0 for Ruby	cpe:2.3:a:ruby-lang:uri:0.11.0:::::ruby
Ruby-lang Uri 0.12.0 for Ruby	cpe:2.3:a:ruby-lang:uri:0.12.0:::::ruby

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Fedoraproject Fedora 36	cpe:2.3:o:fedoraproject:fedora:36
	Fedoraproject Fedora 37	cpe:2.3:o:fedoraproject:fedora:37
	Fedoraproject Fedora 38	cpe:2.3:o:fedoraproject:fedora:38