Bug 2075687 (CVE-2022-28739)
| Summary: | CVE-2022-28739 ruby: Buffer overrun in String-to-Float conversion | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sage McTaggart <amctagga> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | hhorak, jaruga, jorton, jprokop, mo, mtasaka, pvalena, ruby-maint, ruby-packagers-sig, s, strzibny, vanmeeuwen+fedora, vondruch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Ruby 2.6.10, Ruby 2.7.6, Ruby 3.0.4, Ruby 3.1.2 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-07-01 01:40:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2078346, 2078347, 2078348, 2078349, 2078350, 2078351, 2078352, 2078353, 2078354, 2078355, 2078356, 2078357, 2091008, 2109425, 2109429, 2109433, 2123288, 2123289, 2128623, 2128630 | ||
| Bug Blocks: | 2075682 | ||
|
Description
Sage McTaggart
2022-04-14 21:37:04 UTC
Created ruby tracking bugs for this issue: Affects: fedora-all [bug 2078346] Created ruby:2.5/ruby tracking bugs for this issue: Affects: fedora-all [bug 2078347] Created ruby:2.6/ruby tracking bugs for this issue: Affects: fedora-all [bug 2078348] Created ruby:2.7/ruby tracking bugs for this issue: Affects: fedora-all [bug 2078349] Created ruby:3.0/ruby tracking bugs for this issue: Affects: fedora-all [bug 2078350] Created ruby:master/ruby tracking bugs for this issue: Affects: fedora-all [bug 2078351] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5338 https://access.redhat.com/errata/RHSA-2022:5338 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-28739 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6447 https://access.redhat.com/errata/RHSA-2022:6447 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6450 https://access.redhat.com/errata/RHSA-2022:6450 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6585 https://access.redhat.com/errata/RHSA-2022:6585 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6855 https://access.redhat.com/errata/RHSA-2022:6855 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6856 https://access.redhat.com/errata/RHSA-2022:6856 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7025 https://access.redhat.com/errata/RHSA-2023:7025 |