A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

References

hackerone.com/reports/1220911

security-tracker.debian.org/tracker/CVE-2022-28738

security.gentoo.org/glsa/202401-27

security.netapp.com/advisory/ntap-20220624-0002/

www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/

debiancve 1

cve 1

prion 1

hackerone 1

alpinelinux 1

ubuntucve 1

redhatcve 1

nvd 1

osv 7

nessus 16

veracode 1

freebsd 1

rubygems 1

redhat 3

slackware 1

ubuntu 1

almalinux 2

openvas 6

fedora 3

redos 1

rocky 2

cloudfoundry 1

mageia 1

oraclelinux 2

gentoo 1

ics 1

oracle 1

debiancve

CVE-2022-28738

2022-05-09 18:15:08

cve

CVE-2022-28738

2022-05-09 18:15:08

prion

Double free

2022-05-09 18:15:00

hackerone

Internet Bug Bounty: CVE-2022-28738: Double free in Regexp compilation

2022-04-25 03:55:55

alpinelinux

CVE-2022-28738

2022-05-09 18:15:08

ubuntucve

CVE-2022-28738

2022-05-09 00:00:00

redhatcve

CVE-2022-28738

2022-04-14 21:55:08

nvd

CVE-2022-28738

2022-05-09 18:15:08

osv

BIT-ruby-2022-28738

2024-03-06 11:04:26

CVE-2022-28738

2022-05-09 18:15:08

Moderate: ruby security, bug fix, and enhancement update

2022-09-20 00:00:00

nessus

FreeBSD : Ruby -- Double free in Regexp compilation (f22144d7-bad1-11ec-9cfe-0800270512f4)

2022-04-13 00:00:00

Oracle Linux 9 : ruby (ELSA-2022-6585)

2022-09-21 00:00:00

CentOS 9 : ruby-3.0.4-160.el9

2024-02-29 00:00:00

veracode

Denial Of Service (DoS)

2022-04-13 07:35:07

freebsd

Ruby -- Double free in Regexp compilation

2022-04-12 00:00:00

rubygems

Double free in Regexp compilation

2022-04-11 21:00:00

redhat

(RHSA-2022:6585) Moderate: ruby security, bug fix, and enhancement update

2022-09-20 11:36:12

(RHSA-2022:6450) Moderate: ruby:3.0 security, bug fix, and enhancement update

2022-09-13 07:36:53

(RHSA-2022:6855) Moderate: rh-ruby30-ruby security, bug fix, and enhancement update

2022-10-11 07:10:39

slackware

[slackware-security] ruby

2022-04-13 20:52:10

ubuntu

Ruby vulnerabilities

2022-06-06 00:00:00

almalinux

Moderate: ruby security, bug fix, and enhancement update

2022-09-20 00:00:00

Moderate: ruby:3.0 security, bug fix, and enhancement update

2022-09-13 00:00:00

openvas

Fedora: Security Advisory for ruby (FEDORA-2022-a7ca6ee0cf)

2022-05-08 00:00:00

Mageia: Security Advisory (MGASA-2022-0143)

2022-04-20 00:00:00

Slackware: Security Advisory (SSA:2022-103-01)

2022-04-21 00:00:00

fedora

[SECURITY] Fedora 36 Update: ruby-3.1.2-164.fc36

2022-05-07 05:07:39

[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34

2022-05-08 02:03:44

[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35

2022-05-08 01:48:39

redos

ROS-20220516-06

2022-05-16 00:00:00

rocky

ruby security, bug fix, and enhancement update

2022-09-20 11:36:12

ruby:3.0 security, bug fix, and enhancement update

2022-09-13 07:36:53

cloudfoundry

USN-5462-1: Ruby vulnerabilities | Cloud Foundry

2022-12-07 00:00:00

mageia

Updated ruby packages fix security vulnerability

2022-04-16 00:35:09

oraclelinux

ruby security, bug fix, and enhancement update

2022-09-21 00:00:00

ruby:3.0 security, bug fix, and enhancement update

2022-09-15 00:00:00

gentoo

Ruby: Multiple vulnerabilities

2024-01-24 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

Related for CVELIST:CVE-2022-28738