Bug 2075685 (CVE-2022-28738) - CVE-2022-28738 Ruby: Double free in Regexp compilation
Summary: CVE-2022-28738 Ruby: Double free in Regexp compilation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-28738
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2078342 2078343 2078344 2078345 2109430 2109434 2123285 2128624
Blocks: 2075682
Reported: 2022-04-14 21:34 UTC by Sage McTaggart
Modified: 2022-11-29 15:27 UTC (History)

Fixed In Version: ruby 3.0.4, ruby 3.1.2
Doc Type: If docs needed, set a value
Doc Text:
A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice.
Clone Of:
Environment:
Last Closed: 2022-11-29 15:27:42 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:6450 0 None None None 2022-09-13 09:45:10 UTC
Red Hat Product Errata RHSA-2022:6585 0 None None None 2022-09-20 13:44:47 UTC
Red Hat Product Errata RHSA-2022:6855 0 None None None 2022-10-11 07:31:34 UTC

Description Sage McTaggart 2022-04-14 21:34:16 UTC
CVE-2022-28738: Double free in Regexp compilation

Posted by mame on 12 Apr 2022

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby.

Details

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a “double free” vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.

Please update Ruby to 3.0.4, or 3.1.2.

Affected versions

    ruby 3.0.3 or prior
    ruby 3.1.1 or prior

Note that ruby 2.6 series and 2.7 series are not affected.

Credits

Thanks to piao for discovering this issue.

History

    Originally published at 2022-04-12 12:00:00 (UTC)
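
A version triage for the affected and fixed ranges quoted above, as an added example that is not part of the advisory or of Red Hat's tooling. The inventory format, host names and version strings are constructed, and releases in a series later than the listed fix are assumed to carry it.

```ruby
require "rubygems" # Gem::Version

# Series => first fixed release, from "Fixed In Version" on this page.
FIXED_IN = {
  "3.0" => Gem::Version.new("3.0.4"),
  "3.1" => Gem::Version.new("3.1.2"),
}.freeze
# Series the advisory states are not affected.
UNAFFECTED_SERIES = %w[2.6 2.7].freeze

# Constructed inventory, one "<host> <ruby -v output>" per line.
SAMPLE_INVENTORY = <<~LINES
  web-01 ruby 3.0.3p157 [x86_64-linux]
  web-02 ruby 3.0.4p208 [x86_64-linux]
  job-01 ruby 3.1.1p18 [x86_64-linux]
  job-02 ruby 3.1.2p20 [x86_64-linux]
  old-01 ruby 2.7.5p203 [x86_64-linux]
  dev-01 ruby 3.2.0 [x86_64-linux]
  bad-01 jruby unknown
LINES

# Pull X.Y.Z out of `ruby -v` output or a bare version string.
def parse_ruby_version(text)
  m = text.match(/\A(?:ruby\s+)?(\d+\.\d+\.\d+)/)
  m && Gem::Version.new(m[1])
end

# Classify one version string using only the ranges the advisory gives.
# Series the advisory does not mention are reported as :not_listed.
def classify(text)
  version = parse_ruby_version(text.to_s.strip)
  return :unparsed unless version
  series = version.segments.first(2).join(".")
  return :not_affected_series if UNAFFECTED_SERIES.include?(series)
  fixed = FIXED_IN[series]
  return :not_listed unless fixed
  version >= fixed ? :fixed : :affected
end

# Group host names by classification.
def triage(inventory)
  inventory.each_line.with_object(Hash.new { |h, k| h[k] = [] }) do |line, out|
    host, version_text = line.strip.split(/\s+/, 2)
    out[classify(version_text)] << host if host
  end
end

puts triage(SAMPLE_INVENTORY) if __FILE__ == $PROGRAM_NAME
```

This compares upstream version strings only. A distribution package can carry the fix as a backport without changing that string, so for Red Hat packages check the errata listed on this page instead.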

Comment 1 Sandipan Roy 2022-04-25 04:59:17 UTC
Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 2078342]


Created ruby:3.0/ruby tracking bugs for this issue:

Affects: fedora-all [bug 2078343]

Comment 5 errata-xmlrpc 2022-09-13 09:45:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6450 https://access.redhat.com/errata/RHSA-2022:6450

Comment 6 errata-xmlrpc 2022-09-20 13:44:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6585 https://access.redhat.com/errata/RHSA-2022:6585

Comment 7 errata-xmlrpc 2022-10-11 07:31:31 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:6855 https://access.redhat.com/errata/RHSA-2022:6855

Comment 8 Product Security DevOps Team 2022-11-29 15:27:39 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-28738

