CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the Regexp compilation process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted regular expression source string. Remediation A fix was pushed into the master branch bu...

Oracle Linux 9 : ruby (ELSA-2024-3838)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3838 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle Linux...

Medium: ruby

Issue Overview: A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. CVE-2022-28738 A buffer overrun vulnerability was foun...

ruby security, bug fix, and enhancement update

3.0.4-160 - Upgrade to Ruby 3.0.4. Resolves: rhbz2109428 - OpenSSL test suite fixes due to disabled SHA1. Related: rbhz2109428 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739...

ruby security, bug fix, and enhancement update

An update is available for ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...

ALSA-2022:6585 Moderate: ruby security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109428 Security Fixes: Ruby: Double free in Regexp compilati...

ruby:3.0 security, bug fix, and enhancement update

ruby 3.0.4-141 - Upgrade to Ruby 3.0.4. Resolves: rhbz2109431 Resolves: rhbz2110981 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739...

CentOS 8 : ruby:3.0 (CESA-2022:6450)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:6450 advisory. - ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 - ruby: Cookie prefix spoofing in CGI::Cookie.parse...

RHEL 8 : ruby:3.0 (RHSA-2022:6450)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6450 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

GO-2021-0347 Stack exhaustion when compiling deeply nested expressions in regexp

On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB...

ROS-20220516-06

A vulnerability in the high-level Ruby programming language is related to a type conversion bug in the some conversion methods, such as KernelFloat and Stringtof. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a vulnerable application,...

Internet Bug Bounty: CVE-2022-28738: Double free in Regexp compilation

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a “double free” vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from...

MGASA-2022-0143 Updated ruby packages fix security vulnerability

Double free in Regexp compilation CVE-2022-28738. A buffer overrun was found in String-to-Float conversion CVE-2022-28739...

Denial Of Service (DoS)

ruby is vulnerable to denial of service. The vulnerability exists due to a Double free in Regexp compilation which allows an attacker to crash the application via malicious input...

FreeBSD : Ruby -- Double free in Regexp compilation (f22144d7-bad1-11ec-9cfe-0800270512f4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f22144d7-bad1-11ec-9cfe-0800270512f4 advisory. - piao reports: Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted...

Double free in Regexp compilation

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby. Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same...