vulnerability
Oracle Linux: CVE-2022-28739: ELSA-2022-6450: ruby:3.0 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:C/I:N/A:N) | 2022-04-14 | 2022-07-02 | 2025-01-08 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:C/I:N/A:N)
Published
2022-04-14
Added
2022-07-02
Modified
2025-01-08
Description
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
Solution(s)
oracle-linux-upgrade-rubyoracle-linux-upgrade-ruby-default-gemsoracle-linux-upgrade-ruby-develoracle-linux-upgrade-ruby-docoracle-linux-upgrade-rubygem-abrtoracle-linux-upgrade-rubygem-abrt-docoracle-linux-upgrade-rubygem-bigdecimaloracle-linux-upgrade-rubygem-bsonoracle-linux-upgrade-rubygem-bson-docoracle-linux-upgrade-rubygem-bundleroracle-linux-upgrade-rubygem-bundler-docoracle-linux-upgrade-rubygem-did-you-meanoracle-linux-upgrade-rubygem-io-consoleoracle-linux-upgrade-rubygem-irboracle-linux-upgrade-rubygem-jsonoracle-linux-upgrade-rubygem-minitestoracle-linux-upgrade-rubygem-mongooracle-linux-upgrade-rubygem-mongo-docoracle-linux-upgrade-rubygem-mysql2oracle-linux-upgrade-rubygem-mysql2-docoracle-linux-upgrade-rubygem-net-telnetoracle-linux-upgrade-rubygem-openssloracle-linux-upgrade-rubygem-pgoracle-linux-upgrade-rubygem-pg-docoracle-linux-upgrade-rubygem-power-assertoracle-linux-upgrade-rubygem-psychoracle-linux-upgrade-rubygem-rakeoracle-linux-upgrade-rubygem-rbsoracle-linux-upgrade-rubygem-rdocoracle-linux-upgrade-rubygem-rexmloracle-linux-upgrade-rubygem-rssoracle-linux-upgrade-rubygemsoracle-linux-upgrade-rubygems-develoracle-linux-upgrade-rubygem-test-unitoracle-linux-upgrade-rubygem-typeproforacle-linux-upgrade-rubygem-xmlrpcoracle-linux-upgrade-ruby-irboracle-linux-upgrade-ruby-libs
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.