Description
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Release | Status | Note |
---|---|---|
esm-infra/xenial | not-affected | |
upstream | not-affected | debian: Vulnerable code not present |

Release | Status | Note |
---|---|---|
bionic | not-affected | |
esm-infra/bionic | not-affected | |
upstream | not-affected | debian: Vulnerable code not present |

Release | Status | Note |
---|---|---|
esm-infra/focal | not-affected | |
focal | not-affected | |
impish | not-affected | |
jammy | DNE | |
upstream | not-affected | debian: Vulnerable code not present |

Release | Status | Note |
---|---|---|
devel | not-affected | |
jammy | released | 3.0.2-7ubuntu2.1 |
kinetic | not-affected | |
upstream | released | 3.0.4-1 |

Source links
EPSS
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
A vulnerability in the implementation of the Regexp class of the Ruby programming language interpreter that allows an attacker to cause a denial of service