Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-22796

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 09 Ρ„Π΅Π². 2023
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS3: 7.5

ОписаниС

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

ignored

end of standard support, was needs-triage
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

kinetic

ignored

end of life, was needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 81%
0.01496
Низкий

7.5 High

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-22796

CVSS3: 7.5
redhat
ΠΏΠΎΡ‡Ρ‚ΠΈ 3 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-22796

CVSS3: 7.5
nvd
ΠΏΠΎΡ‡Ρ‚ΠΈ 3 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-22796

CVSS3: 7.5
debian
ΠΏΠΎΡ‡Ρ‚ΠΈ 3 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

A regular expression based DoS vulnerability in Active Support <6.1.7. ...

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2023:0275-1

suse-cvrf
ΠΏΠΎΡ‡Ρ‚ΠΈ 3 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

Security update for rubygem-activesupport-5_1

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-j6gc-792m-qgm2

github
ΠΎΠΊΠΎΠ»ΠΎ 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ReDoS based DoS vulnerability in Active Support's underscore

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 81%
0.01496
Низкий

7.5 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2023-22796