3 matches found
MiracleLinux 8 : ruby:3.0 (AXSA:2022-3846:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3846:01 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in CGI::Cookie.parse...
MiracleLinux 9 : ruby-3.0.4-160.el9 (AXSA:2022-4083:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4083:02 advisory. Ruby: Double free in Regexp compilation CVE-2022-28738 Ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 Tenable has extracted the...
PT-2022-2610
Name of the Vulnerable Software and Affected Versions Ruby versions 3.0.0 through 3.0.3 Ruby versions 3.1.0 through 3.1.1 Description A double free was found in the Regexp compiler. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected...