Lucene search
RubySecRUBY:RUBY-2022-28739HistoryApr 11, 2022 - 9:00 p.m.
Buffer overrun in String-to-Float conversion
2022-04-1121:00:00
RubySec
rubysec.com
64
A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby.
Due to a bug in an internal function that converts a String to a Float, some convertion methods like Kernel#Float and String#to_f could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in a limited circumstances, it may be exploitable for illegal memory read.
Please update Ruby to 2.6.10, 2.7.6, 3.0.4, or 3.1.2.
Related
oraclelinux
oraclelinux
ruby:2.6 security, bug fix, and enhancement update
2022-07-01 00:00:00
ruby:2.5 security update
2023-01-20 00:00:00
ruby security, bug fix, and enhancement update
2022-09-21 00:00:00
nessus
nessus
RHEL 8 : ruby:2.6 (RHSA-2022:5338)
2022-07-01 00:00:00
NewStart CGSL MAIN 6.06 : ruby Vulnerability (NS-SA-2023-0084)
2023-12-27 00:00:00
Rocky Linux 8 : ruby:2.6 (RLSA-2022:5338)
2023-11-06 00:00:00
alpinelinux
alpinelinux
CVE-2022-28739
2022-05-09 18:15:00
cbl_mariner
cbl_mariner
CVE-2022-28739 affecting package ruby 2.6.9-1
2022-06-15 17:03:10
osv
osv
CVE-2022-28739
2022-05-09 18:15:08
BIT-ruby-2022-28739
2024-03-06 11:04:15
ruby2.3 vulnerability
2022-06-06 22:21:58
amazon
amazon
Medium: ruby20
2022-10-03 19:29:00
Medium: ruby
2022-09-30 07:04:00
redhat
redhat
(RHSA-2022:6585) Moderate: ruby security, bug fix, and enhancement update
2022-09-20 11:36:12
ubuntucve
ubuntucve
CVE-2022-28739
2022-05-09 00:00:00
redhatcve
redhatcve
CVE-2022-28739
2022-04-20 05:24:54
prion
prion
Design/Logic Flaw
2022-05-09 18:15:00
ubuntu
ubuntu
Ruby vulnerability
2022-06-06 00:00:00
Ruby vulnerabilities
2022-06-06 00:00:00
freebsd
freebsd
Ruby -- Buffer overrun in String-to-Float conversion
2022-04-12 00:00:00
veracode
veracode
Buffer Overflow
2022-04-13 07:35:02
rocky
rocky
ruby:2.6 security, bug fix, and enhancement update
2022-06-28 10:54:23
ruby security, bug fix, and enhancement update
2022-09-20 11:36:12
ruby:2.7 security, bug fix, and enhancement update
2022-09-13 07:36:49
cve
cve
CVE-2022-28739
2022-05-09 18:15:00
debiancve
debiancve
CVE-2022-28739
2022-05-09 18:15:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0199
2022-06-17 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0447
2022-09-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0199
2022-06-17 00:00:00
redos
redos
ROS-20220516-06
2022-05-16 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: ruby-3.1.2-164.fc36
2022-05-07 05:07:39
[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35
2022-05-08 01:48:39
[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34
2022-05-08 02:03:44
almalinux
almalinux
Moderate: ruby security, bug fix, and enhancement update
2022-09-20 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: ruby:3.0 security, bug fix, and enhancement update
2022-09-13 00:00:00
slackware
slackware
[slackware-security] ruby
2022-04-13 20:52:10
debian
debian
[SECURITY] [DLA 3450-1] ruby2.5 security update
2023-06-09 10:23:43
mageia
mageia
Updated ruby packages fix security vulnerability
2022-04-16 00:35:09
cloudfoundry
cloudfoundry
USN-5462-1: Ruby vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
suse
suse
Security update for ruby2.5 (important)
2022-05-03 00:00:00
apple
apple
About the security content of macOS Big Sur 11.7.1
2022-10-24 00:00:00
About the security content of macOS Monterey 12.6.1
2022-10-24 00:00:00
About the security content of macOS Ventura 13
2022-10-24 00:00:00
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
Related for RUBY:RUBY-2022-28739