59 matches found
Astra Linux – Vulnerability in Ruby 2.5
There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...
CLSA-2026-1777444043 ruby: Fix of 2 CVEs
CVE-2021-28965: fix REXML XML round-trip vulnerability - CVE-2022-28739: fix buffer over-read in String-to-Float conversion...
RLSA-2023:7025 Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...
RockyLinux 8 : ruby:2.5 (RLSA-2023:7025)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7025 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby: ReDoS vulnerability i...
CVE-2026-34379
A flaw was found in OpenEXR, an image storage format library for the motion picture industry. A remote attacker could exploit this vulnerability by providing a specially crafted DWA or DWAB-compressed EXR file containing a FLOAT-type channel. When the file is decoded, a misaligned memory write...
CVE-2026-34379
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...
MiracleLinux 9 : ruby-3.0.4-160.el9 (AXSA:2022-4083:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4083:02 advisory. Ruby: Double free in Regexp compilation CVE-2022-28738 Ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 Tenable has extracted the...
MiracleLinux 8 : ruby:2.6 (AXSA:2022-3745:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3745:01 advisory. Ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 Tenable has extracted the preceding description block directly from the MiracleLinux securi...
MiracleLinux 8 : ruby:2.5 (AXSA:2024-7342:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7342:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby: ReDoS...
mpfr: buffer overflow in mpfr_strtofr
Buffer overflow in the mpfrstrtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpnsetstr...
BIT-RUBY-MIN-2022-28739
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including KernelFloat and Stringtof...
DEBIAN-CVE-2024-28582
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the rgbeRGBEToFloat function when reading images in HDR format...
FreeImage Security Vulnerability
FreeImage is a cross-platform open source library for supporting popular graphic image formats. A security vulnerability exists in FreeImage version v.3.19.0, which stems from a buffer overflow vulnerability. A local attacker can use this vulnerability to execute arbitrary code via the...
GLSA-202401-27 : Ruby: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...
ruby: Buffer overrun in String-to-Float conversion
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...
Medium: ruby
Issue Overview: A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. CVE-2022-28738 A buffer overrun vulnerability was foun...
Medium: ruby
Issue Overview: A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read. CVE-2022-28739 Affected...
SUSE CVE-2013-4164
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a string that is converted to...
ruby: Buffer overrun in String-to-Float conversion
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...
ruby: Buffer overrun in String-to-Float conversion
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...