Lucene search

K
mageiaGentoo FoundationMGASA-2024-0160
HistoryMay 09, 2024 - 5:40 a.m.

Updated ruby packages fix security vulnerabilities

2024-05-0905:40:29
Gentoo Foundation
advisories.mageia.org
37
ruby
packages
buffer overread
rce
memory address
vulnerability
security
fix
stringio
cve-2024-27280
.rdoc_options
cve-2024-27281
regex
cve-2024-27282
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

Buffer overread vulnerability in StringIO. (CVE-2024-27280) RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchruby< 3.1.5-45ruby-3.1.5-45.mga9

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low