[FREEBSD:06ED6A49-BAD4-11EC-9CFE-0800270512F4] Ruby -- Buffer overrun in String-to-Float conversion
Severity
High
Affected Packages
5
CVEs
1
piao reports:
Due to a bug in an internal function that converts a String
to a Float, some convertion methods like Kernel#Float
and String#to_f could cause buffer over-read.
A typical consequence is a process termination due to
segmentation fault, but in a limited circumstances, it may
be exploitable for illegal memory read.
Package | Affected Version |
---|---|
pkg:freebsd/ruby32 | < 3.2.0.p1_1,1 |
pkg:freebsd/ruby31 | < 3.1.2,1 |
pkg:freebsd/ruby30 | < 3.0.4,1 |
pkg:freebsd/ruby27 | < 2.7.6,1 |
pkg:freebsd/ruby | < 2.7.6,1 |
- ID
- FREEBSD:06ED6A49-BAD4-11EC-9CFE-0800270512F4
- Severity
- high
- Severity from
- CVE-2022-28739
- URL
- http://vuxml.freebsd.org/freebsd/06ed6a49-bad4-11ec-9cfe-0800270512f4.html
- Published
-
2022-04-12T00:00:00
(2 years ago) - Modified
-
2022-04-13T00:00:00
(2 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALAS-2022-1638
- ALAS2-2022-1853
- ALPINE:CVE-2022-28739
- ALSA-2022:6447
- ALSA-2022:6450
- ALSA-2022:6585
- ALSA-2023:7025
- ELSA-2022-5338
- ELSA-2022-6447
- ELSA-2022-6450
- ELSA-2022-6585
- ELSA-2023-12064
- ELSA-2023-7025
- FEDORA-2022-82a9edac27
- FEDORA-2022-8cf0124add
- FEDORA-2022-a7ca6ee0cf
- GLSA-202401-27
- MS:CVE-2022-28739
- RHSA-2022:5338
- RHSA-2022:6447
- RHSA-2022:6450
- RHSA-2022:6585
- RHSA-2023:7025
- RLSA-2022:5338
- RLSA-2022:6447
- RLSA-2022:6450
- RLSA-2022:6585
- SSA:2022-103-01
- SUSE-SU-2022:1512-1
- USN-5462-1
- USN-5462-2
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/ruby32 | ruby32 | < 3.2.0.p1_1,1 | ||||
Affected | pkg:freebsd/ruby31 | ruby31 | < 3.1.2,1 | ||||
Affected | pkg:freebsd/ruby30 | ruby30 | < 3.0.4,1 | ||||
Affected | pkg:freebsd/ruby27 | ruby27 | < 2.7.6,1 | ||||
Affected | pkg:freebsd/ruby | ruby | < 2.7.6,1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |