arenavec has multiple memory corruption vulnerabilities in safe APIs

The crate has the following vulnerabilities: - The public trait arenavec::common::AllocHandle allows the return of raw pointers through its methods allocate and allocateorextend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the...

Multiple memory corruption vulnerabilities in safe APIs

The crate has the following vulnerabilities: - The public trait arenavec::common::AllocHandle allows the return of raw pointers through its methods allocate and allocateorextend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the...

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

ALPINE-CVE-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...