An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
Created ruby tracking bugs for this issue: Affects: fedora-38 [bug 2276811] Affects: fedora-39 [bug 2276813] Affects: fedora-40 [bug 2276814] Created ruby:3.1/ruby tracking bugs for this issue: Affects: fedora-38 [bug 2276812]