[FREEBSD:9B60BBA1-CF18-11ED-BD44-080027F5FEC9] rubygem-uri -- ReDoS vulnerability

Severity: Medium
Affected Packages: 6
CVEs: 1

Dominic Couture reports:

    A ReDoS issue was discovered in the URI component. The URI
    parser mishandles invalid URLs that have specific
    characters. It causes an increase in execution time for
    parsing strings to URI objects.

Package                      Affected Version
pkg:freebsd/rubygem-uri      < 0.12.1
pkg:freebsd/ruby32           < 3.2.2,1
pkg:freebsd/ruby31           < 3.1.4,1
pkg:freebsd/ruby30           < 3.0.6,1
pkg:freebsd/ruby27           < 2.7.8,1
pkg:freebsd/ruby             < 2.7.8,1

Type       Package URL                  Name / Product   Version
Affected   pkg:freebsd/rubygem-uri      rubygem-uri      < 0.12.1
Affected   pkg:freebsd/ruby32           ruby32           < 3.2.2,1
Affected   pkg:freebsd/ruby31           ruby31           < 3.1.4,1
Affected   pkg:freebsd/ruby30           ruby30           < 3.0.6,1
Affected   pkg:freebsd/ruby27           ruby27           < 2.7.8,1
Affected   pkg:freebsd/ruby             ruby             < 2.7.8,1