[FREEBSD:F22144D7-BAD1-11EC-9CFE-0800270512F4] Ruby -- Double free in Regexp compilation
Severity: Critical
Affected Packages: 4
CVEs: 1
piao reports:
Due to a bug in the Regexp compilation process, creating
a Regexp object with a crafted source string could cause
the same memory to be freed twice. This is known as a
"double free" vulnerability. Note that, in general, it
is considered unsafe to create and use a Regexp object
generated from untrusted input. In this case, however,
following a comprehensive assessment, we treat this issue
as a vulnerability.
Package | Affected Version |
---|---|
pkg:freebsd/ruby32 | < 3.2.0.p1_1,1 |
pkg:freebsd/ruby31 | < 3.1.2,1 |
pkg:freebsd/ruby30 | < 3.0.4,1 |
pkg:freebsd/ruby | < 3.0.4,1 |
- ID: FREEBSD:F22144D7-BAD1-11EC-9CFE-0800270512F4
- Severity: critical
- Severity from: CVE-2022-28738
- URL: http://vuxml.freebsd.org/freebsd/f22144d7-bad1-11ec-9cfe-0800270512f4.html
- Published: 2022-04-12T00:00:00
- Modified: 2022-04-13T00:00:00
- Rights: FreeBSD VuXML Security Team

Other Advisories
Source | ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/ |