Bug 2075685 (CVE-2022-28738)
Summary: | CVE-2022-28738 Ruby: Double free in Regexp compilation | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sage McTaggart <amctagga> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | hhorak, jaruga, jorton, jprokop, mo, mtasaka, pvalena, ruby-maint, ruby-packagers-sig, s, strzibny, vanmeeuwen+fedora, vondruch, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ruby 3.0.4, ruby 3.1.2 | Doc Type: | If docs needed, set a value |
Doc Text: |
A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-29 15:27:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2078342, 2078343, 2078344, 2078345, 2109430, 2109434, 2123285, 2128624 | ||
Bug Blocks: | 2075682 |
Description
Sage McTaggart
2022-04-14 21:34:16 UTC
Created ruby tracking bugs for this issue: Affects: fedora-all [bug 2078342] Created ruby:3.0/ruby tracking bugs for this issue: Affects: fedora-all [bug 2078343] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6450 https://access.redhat.com/errata/RHSA-2022:6450 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6585 https://access.redhat.com/errata/RHSA-2022:6585 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6855 https://access.redhat.com/errata/RHSA-2022:6855 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-28738 |