[FREEBSD:6BD2773C-CF1A-11ED-BD44-080027F5FEC9] rubygem-time -- ReDoS vulnerability

Severity Medium

Affected Packages 6

CVEs 1

ooooooo_q reports:

    The Time parser mishandles invalid strings that have
    specific characters. It causes an increase in execution
    time for parsing strings to Time objects.

Package	Affected Version
pkg:freebsd/rubygem-time	< 0.2.2
pkg:freebsd/ruby32	< 3.2.2,1
pkg:freebsd/ruby31	< 3.1.4,1
pkg:freebsd/ruby30	< 3.0.6,1
pkg:freebsd/ruby27	< 2.7.8,1
pkg:freebsd/ruby	< 2.7.8,1

ID

FREEBSD:6BD2773C-CF1A-11ED-BD44-080027F5FEC9

Severity

medium

Severity from

CVE-2023-28756

URL

http://vuxml.freebsd.org/freebsd/6bd2773c-cf1a-11ed-bd44-080027f5fec9.html

Published

2023-03-30T00:00:00
(17 months ago)

Modified

2023-03-30T00:00:00
(17 months ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/rubygem-time	rubygem-time	< 0.2.2
Affected	pkg:freebsd/ruby32	ruby32	< 3.2.2,1
Affected	pkg:freebsd/ruby31	ruby31	< 3.1.4,1
Affected	pkg:freebsd/ruby30	ruby30	< 3.0.6,1
Affected	pkg:freebsd/ruby27	ruby27	< 2.7.8,1
Affected	pkg:freebsd/ruby	ruby	< 2.7.8,1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date