Bug 2075685 (CVE-2022-28738) - CVE-2022-28738 Ruby: Double free in Regexp compilation
Summary: CVE-2022-28738 Ruby: Double free in Regexp compilation
Keywords:
Status: NEW
Alias: CVE-2022-28738
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2078343 2078344 2078345 2078342 2109430 2109434 2123285 2128624
Blocks: 2075682
Reported: 2022-04-14 21:34 UTC by amctagga
Modified: 2022-10-11 07:31 UTC
CC List: 14 users

Fixed In Version: ruby 3.0.4, ruby 3.1.2
Doc Type: If docs needed, set a value
Doc Text:
A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice.
Clone Of:
Environment:
Last Closed:


Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2022:6450  0        None      None    None     2022-09-13 09:45:10 UTC
Red Hat Product Errata  RHSA-2022:6585  0        None      None    None     2022-09-20 13:44:47 UTC
Red Hat Product Errata  RHSA-2022:6855  0        None      None    None     2022-10-11 07:31:34 UTC

Description amctagga 2022-04-14 21:34:16 UTC
CVE-2022-28738: Double free in Regexp compilation

Posted by mame on 12 Apr 2022

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby.

Details

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a “double free” vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.

Please update Ruby to 3.0.4, or 3.1.2.

Affected versions

    ruby 3.0.3 or prior
    ruby 3.1.1 or prior

Note that ruby 2.6 series and 2.7 series are not affected.

Credits

Thanks to piao for discovering this issue.

History

    Originally published at 2022-04-12 12:00:00 (UTC)
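
Added example (not part of the advisory or of Ruby's own code): a Ruby check that classifies interpreter version strings against the affected and fixed versions stated in the description above. The host names, sample inventory and function names are constructed for illustration; a series the advisory does not mention is reported as unknown rather than guessed.

```ruby
require "rubygems" # provides Gem::Version for correct version ordering

# First fixed release of each affected series, as stated in the advisory.
FIXED_IN = {
  "3.0" => Gem::Version.new("3.0.4"),
  "3.1" => Gem::Version.new("3.1.2"),
}.freeze

# Series the advisory explicitly lists as not affected.
UNAFFECTED_SERIES = %w[2.6 2.7].freeze

# Pulls x.y.z out of a bare version ("3.0.3"), RUBY_VERSION, or a
# `ruby -v` line. Other implementations (e.g. "jruby ...") return nil.
def extract_ruby_version(text)
  m = text.to_s.strip.match(/\A(?:ruby\s+)?(\d+\.\d+\.\d+)/)
  m && m[1]
end

# Returns :affected, :fixed, :not_affected, or :unknown (unparsable input
# or a series the advisory does not mention).
def cve_2022_28738_status(text)
  version = extract_ruby_version(text)
  return :unknown unless version

  series = version.split(".").first(2).join(".")
  return :not_affected if UNAFFECTED_SERIES.include?(series)

  fixed = FIXED_IN[series]
  return :unknown unless fixed

  Gem::Version.new(version) < fixed ? :affected : :fixed
end

# Classifies a { host => version string } inventory.
def audit(inventory)
  inventory.transform_values { |line| cve_2022_28738_status(line) }
end

# Constructed sample inventory (hypothetical hosts, not from the bug report).
SAMPLE_INVENTORY = {
  "web-01"   => "ruby 3.0.3p0 (constructed sample) [x86_64-linux]",
  "web-02"   => "ruby 3.1.2p0 (constructed sample) [x86_64-linux]",
  "batch-01" => "2.7.5",
  "legacy"   => "2.5.9",
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_INVENTORY).each { |host, status| puts "#{host}: #{status}" }
end
```

The check compares upstream version numbers only. Distribution packages can carry a backported fix under an older version string, so on the Red Hat products named in the comments below, confirm against the listed RHSA errata instead.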

Comment 1 Sandipan Roy 2022-04-25 04:59:17 UTC
Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 2078342]


Created ruby:3.0/ruby tracking bugs for this issue:

Affects: fedora-all [bug 2078343]

Comment 5 errata-xmlrpc 2022-09-13 09:45:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6450 https://access.redhat.com/errata/RHSA-2022:6450

Comment 6 errata-xmlrpc 2022-09-20 13:44:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6585 https://access.redhat.com/errata/RHSA-2022:6585

Comment 7 errata-xmlrpc 2022-10-11 07:31:31 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:6855 https://access.redhat.com/errata/RHSA-2022:6855

