ALAS2RUBY3.0-2023-002 --- ruby| ID: oval:org.secpod.oval:def:1701736 | Date: (C)2023-10-26 (M)2024-04-17 |
| Class: PATCH | Family: unix |
A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read
| Product: |
| ruby |
| rubygem-bigdecimal |
| rubygem-bundler |
| rubygem-rexml |
| rubygem-io-console |
| rubygem-irb |
| rubygem-json |
| rubygem-minitest |
| rubygem-rss |
| rubygem-rbs |
| rubygem-power_assert |
| rubygem-psych |
| rubygem-rdoc |
| rubygem-test-unit |
| rubygem-typeprof |
| rubygems |
| rubygem-rake |
