vulnerability

Debian: CVE-2024-27282: ruby2.7, ruby3.1 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:N/C:C/I:P/A:P)	May 6, 2024	May 6, 2024	Mar 30, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:P/A:P)

Published

May 6, 2024

Added

May 6, 2024

Modified

Mar 30, 2026

Description

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

Solutions

debian-upgrade-ruby2-7debian-upgrade-ruby3-1

References

CVE-2024-27282
https://attackerkb.com/topics/CVE-2024-27282
CWE-125
DEBIAN-DSA-5677-1
EUVD-EUVD-2024-24519
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-24519

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report