exploitDog

CVE-2023-28756

Published: 31 Mar 2023
Source: debian

Description

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

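Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| ruby3.1 | removed | | | package |
| ruby3.1 | no-dsa | | bookworm | package |
| ruby2.7 | removed | | | package |
| ruby2.5 | removed | | | package |
| jruby | fixed | 9.4.3.0+ds-1~exp1 | experimental | package |
| jruby | fixed | 9.4.5.0+ds-1 | | package |
| jruby | ignored | | bookworm | package |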

Notes

  • Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4)

  • Fixed by: https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 (v0.2.2)

  • Fixed by: https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 (v0.2.2)

  • https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/

  • https://github.com/jruby/jruby/commit/36637a1b4e434cbb75c8f87be128b7763cedf99d (9.4.3.0)

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 2 years ago

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

CVSS3: 5.3
redhat
about 2 years ago

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

CVSS3: 5.3
nvd
about 2 years ago

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

CVSS3: 7.5
github
about 2 years ago

Ruby Time component ReDoS issue

CVSS3: 7.5
fstec
about 2 years ago

A vulnerability in the Time library of the Ruby interpreter that allows an attacker to cause a denial of service