Count: 14
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-v5h6-c2hv-hv3r StringIO buffer overread vulnerability | CVSS3: 9.8 | 2% Low | about 1 year ago
CVE-2024-27280 A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | CVSS3: 9.8 | 2% Low | about 1 year ago
CVE-2024-27280 A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | CVSS3: 3.1 | 2% Low | about 1 year ago
CVE-2024-27280 A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | CVSS3: 9.8 | 2% Low | about 1 year ago
CVE-2024-27280 A buffer-overread issue was discovered in StringIO 3.0.1, as distribut ... | CVSS3: 9.8 | 2% Low | about 1 year ago
BDU:2024-02456 Vulnerability in the ungetbyte and ungetc methods of the StringIO string handler for the Ruby programming language, allowing an attacker to affect the confidentiality of protected information | CVSS3: 3.1 | 2% Low | more than 1 year ago
ROS-20250109-08 ruby vulnerability | CVSS3: 3.1 | 2% Low | 5 months ago
ELSA-2024-3671 ELSA-2024-3671: ruby:3.3 security, bug fix, and enhancement update (MODERATE) | | | about 1 year ago
ELSA-2024-3670 ELSA-2024-3670: ruby:3.3 security, bug fix, and enhancement update (MODERATE) | | | about 1 year ago
ELSA-2024-3668 ELSA-2024-3668: ruby:3.1 security, bug fix, and enhancement update (MODERATE) | | | about 1 year ago
ELSA-2024-3546 ELSA-2024-3546: ruby:3.1 security, bug fix, and enhancement update (MODERATE) | | | about 1 year ago
ELSA-2024-4499 ELSA-2024-4499: ruby security update (MODERATE) | | | 11 months ago
ELSA-2024-3838 ELSA-2024-3838: ruby security update (MODERATE) | | | about 1 year ago
ELSA-2024-3500 ELSA-2024-3500: ruby:3.0 security update (MODERATE) | | | about 1 year ago