[FREEBSD:2CE1A2F1-0177-11EF-A45E-08002784C58D] ruby -- Arbitrary memory address read vulnerability with Regex search
Affected Packages
4
CVEs
1
sp2ip reports:
If attacker-supplied data is provided to the Ruby regex
compiler, it is possible to extract arbitrary heap data
relative to the start of the text, including pointers and
sensitive strings.
| Package | Affected Version |
|---|---|
 pkg:freebsd/ruby33
|
< 3.3.1,1 |
|
pkg:freebsd/ruby32
|
< 3.2.4,1 |
|
pkg:freebsd/ruby31
|
< 3.1.5,1 |
|
pkg:freebsd/ruby
|
< 3.1.5,1 |
- ID
- FREEBSD:2CE1A2F1-0177-11EF-A45E-08002784C58D
- URL
- http://vuxml.freebsd.org/freebsd/2ce1a2f1-0177-11ef-a45e-08002784c58d.html
- Published
-
2024-04-23T00:00:00
(4 months ago) - Modified
-
2024-04-23T00:00:00
(4 months ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
-
ALPINE:CVE-2024-27282
-
ALSA-2024:3500
-
ALSA-2024:3546
-
ALSA-2024:3668
-
ALSA-2024:3670
-
ALSA-2024:3671
-
ALSA-2024:3838
-
ALSA-2024:4499
-
DSA-5677-1
-
ELSA-2024-3500
-
ELSA-2024-3546
-
ELSA-2024-3668
-
ELSA-2024-3670
-
ELSA-2024-3671
-
ELSA-2024-3838
-
ELSA-2024-4499
-
FEDORA-2024-14db7b21a2
-
FEDORA-2024-31cac8b8ec
-
FEDORA-2024-48bdd3abbf
-
RHSA-2024:3500
-
RHSA-2024:3546
-
RHSA-2024:3668
-
RHSA-2024:3670
-
RHSA-2024:3671
-
RHSA-2024:3838
-
RHSA-2024:4499
-
SSA:2024-114-01
-
USN-6838-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |