An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplie ...

Уязвимость интерпретатора языка программирования Ruby, связанная с переполнением буфера в куче, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

ELSA-2024-3671: ruby:3.3 security, bug fix, and enhancement update (MODERATE)

ELSA-2024-3670: ruby:3.3 security, bug fix, and enhancement update (MODERATE)

ELSA-2024-3668: ruby:3.1 security, bug fix, and enhancement update (MODERATE)

ELSA-2024-3546: ruby:3.1 security, bug fix, and enhancement update (MODERATE)

ELSA-2024-4499: ruby security update (MODERATE)

ELSA-2024-3838: ruby security update (MODERATE)

ELSA-2024-3500: ruby:3.0 security update (MODERATE)