ALAS2RUBY3.0-2023-002 --- rubyID: oval:org.secpod.oval:def:1701736 | Date: (C)2023-10-26 (M)2024-04-17 |
Class: PATCH | Family: unix |
A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read
Product: |
ruby |
rubygem-bigdecimal |
rubygem-bundler |
rubygem-rexml |
rubygem-io-console |
rubygem-irb |
rubygem-json |
rubygem-minitest |
rubygem-rss |
rubygem-rbs |
rubygem-power_assert |
rubygem-psych |
rubygem-rdoc |
rubygem-test-unit |
rubygem-typeprof |
rubygems |
rubygem-rake |