CVE-2023-28756

CVSS v3.1 5.3 (Medium)

EPSS 0.35 % (72^th)

Affected Products 4

Advisories 31

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Weaknesses

CWE-1333: Inefficient Regular Expression Complexity

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2023-03-31 04:15:09
(17 months ago)
Updated Date: 2024-01-24 05:15:13
(7 months ago)

Affected Products

Configuration #1

	CPE23	Up To
Ruby-lang Ruby 2.7.7 and prior versions	cpe:2.3:a:ruby-lang:ruby	<= 2.7.7
Ruby-lang Time 0.1.0 for Ruby	cpe:2.3:a:ruby-lang:time:0.1.0:::::ruby
Ruby-lang Time 0.2.1 for Ruby	cpe:2.3:a:ruby-lang:time:0.2.1:::::ruby

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Fedoraproject Fedora 36	cpe:2.3:o:fedoraproject:fedora:36
	Fedoraproject Fedora 37	cpe:2.3:o:fedoraproject:fedora:37
	Fedoraproject Fedora 38	cpe:2.3:o:fedoraproject:fedora:38

Weaknesses

Affected Products

Debian

Fedoraproject

Ruby-lang

Configuration #1

Configuration #2