AI Score: 6.2 Medium (Confidence: Low)
A buffer overread flaw was found in the StringIO rubygem. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the contents of that memory.
bugzilla.redhat.com/show_bug.cgi?id=2270750
nvd.nist.gov/vuln/detail/CVE-2024-27280
www.cve.org/CVERecord?id=CVE-2024-27280
www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/