2 matches found
Amazon Linux 2023 : ruby3.4, ruby3.4-bundled-gems, ruby3.4-default-gems (ALAS2023-2026-1807)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1807 advisory. zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader...
GHSA-G857-HHFV-J68W Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
Details A buffer overflow vulnerability exists in Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to...