Bug 2276810 (CVE-2024-27282)

Summary: CVE-2024-27282 ruby: Arbitrary memory address read vulnerability with Regex search
Product: [Other] Security Response Reporter: Avinash Hanwate <ahanwate>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jaruga
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ruby 3.3.1, ruby 3.0.7, ruby 3.1.5, ruby 3.2.4 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2276811, 2276812, 2276813, 2276814    
Bug Blocks: 2276815    

Description Avinash Hanwate 2024-04-24 05:08:00 UTC 
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.

https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
Comment 1 Avinash Hanwate 2024-04-24 05:11:30 UTC 
Created ruby tracking bugs for this issue:

Affects: fedora-38 [bug 2276811]
Affects: fedora-39 [bug 2276813]
Affects: fedora-40 [bug 2276814]


Created ruby:3.1/ruby tracking bugs for this issue:

Affects: fedora-38 [bug 2276812]
Comment 5 errata-xmlrpc 2024-05-30 13:12:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3500 https://access.redhat.com/errata/RHSA-2024:3500
Comment 6 errata-xmlrpc 2024-06-03 07:15:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3546 https://access.redhat.com/errata/RHSA-2024:3546
Comment 7 errata-xmlrpc 2024-06-06 08:57:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:3668 https://access.redhat.com/errata/RHSA-2024:3668
Comment 8 errata-xmlrpc 2024-06-06 09:23:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3670 https://access.redhat.com/errata/RHSA-2024:3670
Comment 9 errata-xmlrpc 2024-06-06 09:48:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:3671 https://access.redhat.com/errata/RHSA-2024:3671
Comment 10 errata-xmlrpc 2024-06-11 19:42:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:3838 https://access.redhat.com/errata/RHSA-2024:3838