Lucene search
AmazonALAS-2022-1638HistoryOct 03, 2022 - 7:29 p.m.
Medium: ruby20
2022-10-0319:29:00
alas.aws.amazon.com
8
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
73.0%
Issue Overview:
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read. (CVE-2022-28739)
Affected Packages:
ruby20
Issue Correction:
Run yum update ruby20 to update your system.
New Packages:
i686:
rubygem20-io-console-0.4.2-2.41.amzn1.i686
ruby20-devel-2.0.0.648-2.41.amzn1.i686
ruby20-2.0.0.648-2.41.amzn1.i686
ruby20-debuginfo-2.0.0.648-2.41.amzn1.i686
rubygem20-bigdecimal-1.2.0-2.41.amzn1.i686
ruby20-libs-2.0.0.648-2.41.amzn1.i686
rubygem20-psych-2.0.0-2.41.amzn1.i686
noarch:
ruby20-doc-2.0.0.648-2.41.amzn1.noarch
ruby20-irb-2.0.0.648-2.41.amzn1.noarch
rubygems20-2.0.14.1-2.41.amzn1.noarch
rubygems20-devel-2.0.14.1-2.41.amzn1.noarch
src:
ruby20-2.0.0.648-2.41.amzn1.src
x86_64:
ruby20-libs-2.0.0.648-2.41.amzn1.x86_64
rubygem20-bigdecimal-1.2.0-2.41.amzn1.x86_64
rubygem20-psych-2.0.0-2.41.amzn1.x86_64
rubygem20-io-console-0.4.2-2.41.amzn1.x86_64
ruby20-2.0.0.648-2.41.amzn1.x86_64
ruby20-debuginfo-2.0.0.648-2.41.amzn1.x86_64
ruby20-devel-2.0.0.648-2.41.amzn1.x86_64
Additional References
Red Hat: CVE-2022-28739
Mitre: CVE-2022-28739
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | rubygem20-io-console | < 0.4.2-2.41.amzn1 | rubygem20-io-console-0.4.2-2.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby20-devel | < 2.0.0.648-2.41.amzn1 | ruby20-devel-2.0.0.648-2.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby20 | < 2.0.0.648-2.41.amzn1 | ruby20-2.0.0.648-2.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby20-debuginfo | < 2.0.0.648-2.41.amzn1 | ruby20-debuginfo-2.0.0.648-2.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | rubygem20-bigdecimal | < 1.2.0-2.41.amzn1 | rubygem20-bigdecimal-1.2.0-2.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby20-libs | < 2.0.0.648-2.41.amzn1 | ruby20-libs-2.0.0.648-2.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | rubygem20-psych | < 2.0.0-2.41.amzn1 | rubygem20-psych-2.0.0-2.41.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | ruby20-doc | < 2.0.0.648-2.41.amzn1 | ruby20-doc-2.0.0.648-2.41.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | ruby20-irb | < 2.0.0.648-2.41.amzn1 | ruby20-irb-2.0.0.648-2.41.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | rubygems20 | < 2.0.14.1-2.41.amzn1 | rubygems20-2.0.14.1-2.41.amzn1.noarch.rpm |
Related
nessus
nessus
Rocky Linux 8 : ruby:2.6 (RLSA-2022:5338)
2023-11-06 00:00:00
Amazon Linux AMI : ruby20 (ALAS-2022-1638)
2022-10-10 00:00:00
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-001)
2023-09-27 00:00:00
osv
osv
CVE-2022-28739
2022-05-09 18:15:08
BIT-ruby-2022-28739
2024-03-06 11:04:15
Moderate: ruby:2.6 security, bug fix, and enhancement update
2022-06-28 10:54:23
redhat
redhat
(RHSA-2022:6585) Moderate: ruby security, bug fix, and enhancement update
2022-09-20 11:36:12
oraclelinux
oraclelinux
ruby:2.6 security, bug fix, and enhancement update
2022-07-01 00:00:00
ruby:2.5 security update
2023-01-20 00:00:00
ruby security, bug fix, and enhancement update
2022-09-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-28739 affecting package ruby 2.6.9-1
2022-06-15 17:03:10
alpinelinux
alpinelinux
CVE-2022-28739
2022-05-09 18:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-2010)
2022-07-08 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1721)
2023-05-08 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1980)
2022-07-08 00:00:00
redhatcve
redhatcve
CVE-2022-28739
2022-04-20 05:24:54
ubuntucve
ubuntucve
CVE-2022-28739
2022-05-09 00:00:00
prion
prion
Design/Logic Flaw
2022-05-09 18:15:00
freebsd
freebsd
Ruby -- Buffer overrun in String-to-Float conversion
2022-04-12 00:00:00
ubuntu
ubuntu
Ruby vulnerability
2022-06-06 00:00:00
Ruby vulnerabilities
2022-06-06 00:00:00
veracode
veracode
Buffer Overflow
2022-04-13 07:35:02
cve
cve
CVE-2022-28739
2022-05-09 18:15:00
debiancve
debiancve
CVE-2022-28739
2022-05-09 18:15:00
amazon
amazon
Medium: ruby
2022-09-30 07:04:00
rocky
rocky
ruby:2.6 security, bug fix, and enhancement update
2022-06-28 10:54:23
ruby security, bug fix, and enhancement update
2022-09-20 11:36:12
ruby:2.7 security, bug fix, and enhancement update
2022-09-13 07:36:49
rubygems
rubygems
Buffer overrun in String-to-Float conversion
2022-04-11 21:00:00
debian
debian
[SECURITY] [DLA 3450-1] ruby2.5 security update
2023-06-09 10:23:43
slackware
slackware
[slackware-security] ruby
2022-04-13 20:52:10
almalinux
almalinux
Moderate: ruby security, bug fix, and enhancement update
2022-09-20 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: ruby:3.0 security, bug fix, and enhancement update
2022-09-13 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0199
2022-06-17 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0447
2022-09-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0199
2022-06-17 00:00:00
redos
redos
ROS-20220516-06
2022-05-16 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: ruby-3.1.2-164.fc36
2022-05-07 05:07:39
[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35
2022-05-08 01:48:39
[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34
2022-05-08 02:03:44
mageia
mageia
Updated ruby packages fix security vulnerability
2022-04-16 00:35:09
cloudfoundry
cloudfoundry
USN-5462-1: Ruby vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
suse
suse
Security update for ruby2.5 (important)
2022-05-03 00:00:00
apple
apple
About the security content of macOS Big Sur 11.7.1
2022-10-24 00:00:00
About the security content of macOS Monterey 12.6.1
2022-10-24 00:00:00
About the security content of macOS Ventura 13
2022-10-24 00:00:00
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
73.0%
Related for ALAS-2022-1638