2075685 – (CVE-2022-28738) CVE-2022-28738 Ruby: Double free in Regexp compilation

Bug 2075685 (CVE-2022-28738) - CVE-2022-28738 Ruby: Double free in Regexp compilation

Summary: CVE-2022-28738 Ruby: Double free in Regexp compilation

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-28738
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2078342 2078343 2078344 2078345 2109430 2109434 2123285 2128624
Blocks:	2075682
TreeView+	depends on / blocked

Reported:	2022-04-14 21:34 UTC by Sage McTaggart
Modified:	2022-11-29 15:27 UTC (History)
CC List:	14 users (show)
Fixed In Version:	ruby 3.0.4, ruby 3.1.2
Clone Of:
Environment:
Last Closed:	2022-11-29 15:27:42 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:6450	None	None	None	2022-09-13 09:45:10 UTC
Red Hat Product Errata	RHSA-2022:6585	None	None	None	2022-09-20 13:44:47 UTC
Red Hat Product Errata	RHSA-2022:6855	None	None	None	2022-10-11 07:31:34 UTC

Description Sage McTaggart 2022-04-14 21:34:16 UTC

VE-2022-28738: Double free in Regexp compilation

Posted by mame on 12 Apr 2022

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby.
Details

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a “double free” vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.

Please update Ruby to 3.0.4, or 3.1.2.
Affected versions

    ruby 3.0.3 or prior
    ruby 3.1.1 or prior

Note that ruby 2.6 series and 2.7 series are not affected.
Credits

Thanks to piao for discovering this issue.
History

    Originally published at 2022-04-12 12:00:00 (UTC)

Comment 1 Sandipan Roy 2022-04-25 04:59:17 UTC

Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 2078342]


Created ruby:3.0/ruby tracking bugs for this issue:

Affects: fedora-all [bug 2078343]

Comment 5 errata-xmlrpc 2022-09-13 09:45:08 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6450 https://access.redhat.com/errata/RHSA-2022:6450

Comment 6 errata-xmlrpc 2022-09-20 13:44:44 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6585 https://access.redhat.com/errata/RHSA-2022:6585

Comment 7 errata-xmlrpc 2022-10-11 07:31:31 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:6855 https://access.redhat.com/errata/RHSA-2022:6855

Comment 8 Product Security DevOps Team 2022-11-29 15:27:39 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-28738

Note You need to log in before you can comment on or make changes to this bug.