exploitDog


CVE-2023-28755

Published: 31 Mar 2023
Source: debian

Description

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

Packages

Package     Status    Fixed version          Release        Type
rubygems    fixed     3.4.20-1                              package
rubygems    fixed     3.3.15-2+deb12u1       bookworm       package
ruby3.1     removed                                         package
ruby3.1     no-dsa                           bookworm       package
ruby2.7     removed                                         package
ruby2.5     removed                                         package
jruby       fixed     9.4.3.0+ds-1~exp1      experimental   package
jruby       fixed     9.4.5.0+ds-1                          package
jruby       ignored                          bookworm       package

Notes

  • Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4)

  • Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1)

  • https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/

  • Incomplete fix, cf. CVE-2023-36617

  • https://github.com/jruby/jruby/commit/7e220403384faef102e838b412b4d1b3a9cfb6ec (9.4.3.0)

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 3 years ago

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

CVSS3: 5.3
redhat
almost 3 years ago

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

CVSS3: 5.3
nvd
almost 3 years ago

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

CVSS3: 7.5
github
almost 3 years ago

Ruby URI component ReDoS issue

CVSS3: 5.3
fstec
almost 3 years ago

A vulnerability in the URI component of the Ruby programming language, caused by the use of a regular expression with inefficient computational complexity, which allows an attacker to cause a denial of service.