50 matches found
CVE-2022-28739
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f...
CVE-2022-28739
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...
Updated ruby packages fix security vulnerability
Double free in Regexp compilation CVE-2022-28738. A buffer overrun was found in String-to-Float conversion CVE-2022-28739...
Ruby Buffer Error Vulnerability
Ruby is a cross-platform, object-oriented, dynamically-typed programming language developed by individual developer Yukihiro Matsumoto. A buffer error vulnerability exists in Ruby, which stems from a buffer out-of-bounds read in String-to-Float conversions, including Kernel#Float and String#to_f. Th...
Buffer Overflow
Ruby is vulnerable to buffer overflow. The vulnerability exists due to a memory corruption via the String-to-Float conversion which allows an attacker to cause a buffer overflow...
Buffer overrun in String-to-Float conversion
A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby. Due to a bug in an internal function that converts a String to a Float, some conversion...
Ruby -- Buffer overrun in String-to-Float conversion
piao reports: Due to a bug in an internal function that converts a String to a Float, some conversion methods like Kernel#Float and String#to_f could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in limited circumstances, it may be exploitabl...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the internal string conversion methods like Kernel#Float and String#to_f. An attacker can cause a crash or access unintended memory by providing specially crafted input. Remediation: A fix was pushed into the master...
GHSA-977J-XJ7Q-2JR9 Segmentation fault in TensorFlow when converting a Python string to `tf.float16`
Impact: Converting a string from Python to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which...