The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects. A ReDoS issue was discovered in the Time gem 0.1.0 and 0.2.1 and Time library of Ruby 2.7.7.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:3291 https://access.redhat.com/errata/RHSA-2023:3291
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:3821 https://access.redhat.com/errata/RHSA-2023:3821
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-28756
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7025 https://access.redhat.com/errata/RHSA-2023:7025
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1431 https://access.redhat.com/errata/RHSA-2024:1431
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1576 https://access.redhat.com/errata/RHSA-2024:1576
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3500 https://access.redhat.com/errata/RHSA-2024:3500
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3838 https://access.redhat.com/errata/RHSA-2024:3838