13 matches found

OSV
added 6 days ago, 5 views

CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376

SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSize_t overflow when sizing the joined fixed-substring buffer in Perl_study_chunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...

CVSS 9.8 | AI score 6 | EPSS 0.00048
Exploits: 1 | References: 2
OSV
added 2025/01/27 7:20 a.m., 12 views

BIT-RUBY-MIN-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVSS 9.8 | AI score 9.2 | EPSS 0.00459
Exploits: 0 | References: 6
Tenable Nessus
added 2024/01/24 12:0 a.m., 27 views

GLSA-202401-27 : Ruby: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...

CVSS 9.8 | AI score 8.1 | EPSS 0.01013
Exploits: 6 | References: 18
SUSE CVE
added 2023/02/15 3:26 a.m., 3 views

SUSE CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVSS 9.8 | AI score 7.5 | EPSS 0.00459
Exploits: 0 | References: 4
Tenable Nessus
added 2022/11/17 12:0 a.m., 90 views

Rocky Linux 8 : ruby:3.0 (RLSA-2022:6450)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6450 advisory. - A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user...

CVSS 9.8 | AI score 7.2 | EPSS 0.00765
Exploits: 2 | References: 11
Tenable Nessus
added 2022/09/15 12:0 a.m., 46 views

Oracle Linux 8 : ruby:3.0 (ELSA-2022-6450)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6450 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 9.8 | AI score 7.4 | EPSS 0.00765
Exploits: 2 | References: 5
OSV
added 2022/06/10 11:3 a.m., 1 views

OESA-2022-1700 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and...

CVSS 9.8 | AI score 6.8 | EPSS 0.00459
Exploits: 0 | References: 3
Tenable Nessus
added 2022/06/06 12:0 a.m., 43 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Ruby vulnerabilities (USN-5462-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5462-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute...

CVSS 9.8 | AI score 7.9 | EPSS 0.00459
Exploits: 0 | References: 3
ATTACKERKB
added 2022/05/09 6:15 p.m., 3 views

CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVSS 9.8 | AI score 6.7 | EPSS 0.00459
Exploits: 0 | References: 6
OSV
added 2022/05/09 6:15 p.m., 66 views

CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVSS 9.8 | AI score 2.8 | EPSS 0.00459
Exploits: 0 | References: 5
CVE
added 2022/05/09 12:0 a.m., 242 views

CVE-2022-28738

Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2 contains a double-free in the Regexp compiler when compiling a Regexp from untrusted user input, potentially allowing memory corruption. The issue is fixed in Ruby 3.0.4 and 3.1.2+; affected releases include Ruby 3.x up to those pre-fix versions. Sever...

CVSS 9.8 | AI score 9.1 | EPSS 0.00459
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2022/04/13 12:0 a.m., 50 views

Slackware Linux 15.0 / current ruby Multiple Vulnerabilities (SSA:2022-103-01)

The version of ruby installed on the remote host is prior to 3.0.4 / 3.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-103-01 advisory. - There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It...

CVSS 9.8 | AI score 7.5 | EPSS 0.00459
Exploits: 0 | References: 2
Tenable Nessus
added 2016/10/05 12:0 a.m., 28 views

openSUSE Security Update : glibc (openSUSE-2016-1149)

This update for glibc fixes the following issues : Security issues fixed : - arm: mark __startcontext as .cantunwind CVE-2016-6323, boo#994359, BZ #20435 Bugs fixed : - aarch64: Merge __local_multiple_threads offset with memory reference - Fix memory leak in regexp compiler BZ #17069 - Provide correct...

CVSS 7.5 | AI score 7.6 | EPSS 0.01133
Exploits: 0 | References: 3