VAR-202204-0855
Vulnerability from variot - Updated: 2025-12-22 22:13

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
Bug Fix(es):

- ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8] (BZ#2110981)

=========================================================================
Ubuntu Security Notice USN-5462-1
June 06, 2022

ruby2.5, ruby2.7, ruby3.0 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Ruby. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738)
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-28739)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS:
  libruby3.0                      3.0.2-7ubuntu2.1
  ruby3.0                         3.0.2-7ubuntu2.1

Ubuntu 21.10:
  libruby2.7                      2.7.4-1ubuntu3.2
  ruby2.7                         2.7.4-1ubuntu3.2

Ubuntu 20.04 LTS:
  libruby2.7                      2.7.0-5ubuntu1.7
  ruby2.7                         2.7.0-5ubuntu1.7

Ubuntu 18.04 LTS:
  libruby2.5                      2.5.1-1ubuntu1.12
  ruby2.5                         2.5.1-1ubuntu1.12
In general, a standard system update will make all the necessary changes.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202401-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Ruby: Multiple vulnerabilities
      Date: January 24, 2024
      Bugs: #747007, #801061, #827251, #838073, #882893, #903630
        ID: 202401-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Ruby, the worst of
which could lead to execution of arbitrary code. It comes bundled with a HTTP server ("WEBrick").

Affected packages
=================

Package        Vulnerable     Unaffected
-------------  -------------  -------------
dev-lang/ruby  < 2.5.9:2.5    Vulnerable!
               < 2.6.10:2.6   Vulnerable!
               < 2.7.8:2.7    Vulnerable!
               < 3.0.6:3.0    Vulnerable!
               < 3.1.4:3.1    >= 3.1.4:3.1
               < 3.2.2:3.2    >= 3.2.2:3.2

Description
===========

Multiple vulnerabilities have been discovered in Ruby. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ruby users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --depclean ruby:2.5 ruby:2.6 ruby:2.7 ruby:3.0
  # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.1.4:3.1"
  # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.2.2:3.2"

References
==========

[ 1 ] CVE-2020-25613
      https://nvd.nist.gov/vuln/detail/CVE-2020-25613
[ 2 ] CVE-2021-31810
      https://nvd.nist.gov/vuln/detail/CVE-2021-31810
[ 3 ] CVE-2021-32066
      https://nvd.nist.gov/vuln/detail/CVE-2021-32066
[ 4 ] CVE-2021-33621
      https://nvd.nist.gov/vuln/detail/CVE-2021-33621
[ 5 ] CVE-2021-41816
      https://nvd.nist.gov/vuln/detail/CVE-2021-41816
[ 6 ] CVE-2021-41817
      https://nvd.nist.gov/vuln/detail/CVE-2021-41817
[ 7 ] CVE-2021-41819
      https://nvd.nist.gov/vuln/detail/CVE-2021-41819
[ 8 ] CVE-2022-28738
      https://nvd.nist.gov/vuln/detail/CVE-2022-28738
[ 9 ] CVE-2022-28739
      https://nvd.nist.gov/vuln/detail/CVE-2022-28739
[ 10 ] CVE-2023-28755
      https://nvd.nist.gov/vuln/detail/CVE-2023-28755
[ 11 ] CVE-2023-28756
      https://nvd.nist.gov/vuln/detail/CVE-2023-28756

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/202401-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

macOS Big Sur 11.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213493.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed by removing additional entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative
Entry added October 27, 2022

Kernel
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022

ppp
Available for: macOS Big Sur
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022

Ruby
Available for: macOS Big Sur
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10.
CVE-2022-28739

Sandbox
Available for: macOS Big Sur
Impact: An app with root privileges may be able to access private information
Description: This issue was addressed with improved data protection.
CVE-2022-32862: an anonymous researcher

zlib
Available for: macOS Big Sur
Impact: A user may be able to cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022

macOS Big Sur 11.7.1 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

Additional recognition

Calendar
We would like to acknowledge an anonymous researcher for their assistance.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby:2.6 security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:5338-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5338
Issue date:        2022-06-28
CVE Names:         CVE-2022-28739
====================================================================

1. Summary:
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (2.6.10). (BZ#2089374)
Security Fix(es):
- Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):

2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion
2089374 - ruby:2.6/ruby: Rebase to the latest Ruby 2.6 point release [rhel-8] [rhel-8.6.0.z]
6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
ruby-2.6.10-109.module+el8.6.0+15475+c55337b4.src.rpm
rubygem-abrt-0.3.0-4.module+el8.1.0+3653+beb38eb0.src.rpm
rubygem-bson-4.5.0-1.module+el8.1.0+3653+beb38eb0.src.rpm
rubygem-mongo-2.8.0-1.module+el8.1.0+3653+beb38eb0.src.rpm
rubygem-mysql2-0.5.2-1.module+el8.1.0+3653+beb38eb0.src.rpm
rubygem-pg-1.1.4-1.module+el8.1.0+3653+beb38eb0.src.rpm

aarch64:
ruby-2.6.10-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
ruby-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
ruby-debugsource-2.6.10-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
ruby-devel-2.6.10-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
ruby-libs-2.6.10-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
ruby-libs-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-bigdecimal-1.4.1-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-bigdecimal-debuginfo-1.4.1-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-bson-4.5.0-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-bson-debuginfo-4.5.0-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-bson-debugsource-4.5.0-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-io-console-0.4.7-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-io-console-debuginfo-0.4.7-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-json-2.1.0-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-json-debuginfo-2.1.0-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-mysql2-0.5.2-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-mysql2-debuginfo-0.5.2-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-mysql2-debugsource-0.5.2-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-openssl-2.1.2-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-openssl-debuginfo-2.1.2-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-pg-1.1.4-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-pg-debuginfo-1.1.4-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-pg-debugsource-1.1.4-1.module+el8.1.0+3653+beb38eb0.aarch64.rpm
rubygem-psych-3.1.0-109.module+el8.6.0+15475+c55337b4.aarch64.rpm
rubygem-psych-debuginfo-3.1.0-109.module+el8.6.0+15475+c55337b4.aarch64.rpm

noarch:
ruby-doc-2.6.10-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-abrt-0.3.0-4.module+el8.1.0+3653+beb38eb0.noarch.rpm
rubygem-abrt-doc-0.3.0-4.module+el8.1.0+3653+beb38eb0.noarch.rpm
rubygem-bson-doc-4.5.0-1.module+el8.1.0+3653+beb38eb0.noarch.rpm
rubygem-bundler-1.17.2-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-did_you_mean-1.3.0-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-irb-1.0.0-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-minitest-5.11.3-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-mongo-2.8.0-1.module+el8.1.0+3653+beb38eb0.noarch.rpm
rubygem-mongo-doc-2.8.0-1.module+el8.1.0+3653+beb38eb0.noarch.rpm
rubygem-mysql2-doc-0.5.2-1.module+el8.1.0+3653+beb38eb0.noarch.rpm
rubygem-net-telnet-0.2.0-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-pg-doc-1.1.4-1.module+el8.1.0+3653+beb38eb0.noarch.rpm
rubygem-power_assert-1.1.3-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-rake-12.3.3-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-rdoc-6.1.2.1-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-test-unit-3.2.9-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygem-xmlrpc-0.3.0-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygems-3.0.3.1-109.module+el8.6.0+15475+c55337b4.noarch.rpm
rubygems-devel-3.0.3.1-109.module+el8.6.0+15475+c55337b4.noarch.rpm

ppc64le:
ruby-2.6.10-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
ruby-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
ruby-debugsource-2.6.10-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
ruby-devel-2.6.10-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
ruby-libs-2.6.10-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
ruby-libs-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-bigdecimal-1.4.1-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-bigdecimal-debuginfo-1.4.1-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-bson-4.5.0-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-bson-debuginfo-4.5.0-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-bson-debugsource-4.5.0-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-io-console-0.4.7-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-io-console-debuginfo-0.4.7-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-json-2.1.0-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-json-debuginfo-2.1.0-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-mysql2-0.5.2-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-mysql2-debuginfo-0.5.2-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-mysql2-debugsource-0.5.2-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-openssl-2.1.2-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-openssl-debuginfo-2.1.2-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-pg-1.1.4-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-pg-debuginfo-1.1.4-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-pg-debugsource-1.1.4-1.module+el8.1.0+3653+beb38eb0.ppc64le.rpm
rubygem-psych-3.1.0-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm
rubygem-psych-debuginfo-3.1.0-109.module+el8.6.0+15475+c55337b4.ppc64le.rpm

s390x:
ruby-2.6.10-109.module+el8.6.0+15475+c55337b4.s390x.rpm
ruby-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.s390x.rpm
ruby-debugsource-2.6.10-109.module+el8.6.0+15475+c55337b4.s390x.rpm
ruby-devel-2.6.10-109.module+el8.6.0+15475+c55337b4.s390x.rpm
ruby-libs-2.6.10-109.module+el8.6.0+15475+c55337b4.s390x.rpm
ruby-libs-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-bigdecimal-1.4.1-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-bigdecimal-debuginfo-1.4.1-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-bson-4.5.0-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-bson-debuginfo-4.5.0-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-bson-debugsource-4.5.0-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-io-console-0.4.7-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-io-console-debuginfo-0.4.7-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-json-2.1.0-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-json-debuginfo-2.1.0-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-mysql2-0.5.2-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-mysql2-debuginfo-0.5.2-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-mysql2-debugsource-0.5.2-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-openssl-2.1.2-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-openssl-debuginfo-2.1.2-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-pg-1.1.4-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-pg-debuginfo-1.1.4-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-pg-debugsource-1.1.4-1.module+el8.1.0+3653+beb38eb0.s390x.rpm
rubygem-psych-3.1.0-109.module+el8.6.0+15475+c55337b4.s390x.rpm
rubygem-psych-debuginfo-3.1.0-109.module+el8.6.0+15475+c55337b4.s390x.rpm

x86_64:
ruby-2.6.10-109.module+el8.6.0+15475+c55337b4.i686.rpm
ruby-2.6.10-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
ruby-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.i686.rpm
ruby-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
ruby-debugsource-2.6.10-109.module+el8.6.0+15475+c55337b4.i686.rpm
ruby-debugsource-2.6.10-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
ruby-devel-2.6.10-109.module+el8.6.0+15475+c55337b4.i686.rpm
ruby-devel-2.6.10-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
ruby-libs-2.6.10-109.module+el8.6.0+15475+c55337b4.i686.rpm
ruby-libs-2.6.10-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
ruby-libs-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.i686.rpm
ruby-libs-debuginfo-2.6.10-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-bigdecimal-1.4.1-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-bigdecimal-1.4.1-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-bigdecimal-debuginfo-1.4.1-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-bigdecimal-debuginfo-1.4.1-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-bson-4.5.0-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-bson-debuginfo-4.5.0-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-bson-debugsource-4.5.0-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-io-console-0.4.7-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-io-console-0.4.7-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-io-console-debuginfo-0.4.7-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-io-console-debuginfo-0.4.7-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-json-2.1.0-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-json-2.1.0-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-json-debuginfo-2.1.0-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-json-debuginfo-2.1.0-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-mysql2-0.5.2-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-mysql2-debuginfo-0.5.2-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-mysql2-debugsource-0.5.2-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-openssl-2.1.2-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-openssl-2.1.2-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-openssl-debuginfo-2.1.2-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-openssl-debuginfo-2.1.2-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-pg-1.1.4-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-pg-debuginfo-1.1.4-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-pg-debugsource-1.1.4-1.module+el8.1.0+3653+beb38eb0.x86_64.rpm
rubygem-psych-3.1.0-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-psych-3.1.0-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
rubygem-psych-debuginfo-3.1.0-109.module+el8.6.0+15475+c55337b4.i686.rpm
rubygem-psych-debuginfo-3.1.0-109.module+el8.6.0+15475+c55337b4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:

https://access.redhat.com/security/cve/CVE-2022-28739
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruby",
"scope": "lt",
"trust": 1.0,
"vendor": "ruby lang",
"version": "3.1.2"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "ruby",
"scope": "gte",
"trust": 1.0,
"vendor": "ruby lang",
"version": "3.1.0"
},
{
"model": "ruby",
"scope": "lt",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.6.10"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7.1"
},
{
"model": "ruby",
"scope": "lt",
"trust": 1.0,
"vendor": "ruby lang",
"version": "3.0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "ruby",
"scope": "lt",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.7.6"
},
{
"model": "ruby",
"scope": "gte",
"trust": 1.0,
"vendor": "ruby lang",
"version": "3.0.0"
},
{
"model": "ruby",
"scope": "gte",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.7.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169553"
},
{
"db": "PACKETSTORM",
"id": "169577"
},
{
"db": "PACKETSTORM",
"id": "169552"
}
],
"trust": 0.3
},
"cve": "CVE-2022-28739",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-28739",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-420273",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-28739",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-28739",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3369",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-420273",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. \n\nBug Fix(es):\n\n* ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8]\n(BZ#2110981)\n\n4. =========================================================================\nUbuntu Security Notice USN-5462-1\nJune 06, 2022\n\nruby2.5, ruby2.7, ruby3.0 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Ruby. \nAn attacker could possibly use this issue to execute arbitrary code. This\nissue only affected Ubuntu 22.04 LTS. (CVE-2022-28738)\n\nIt was discovered that Ruby incorrectly handled certain inputs. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-28739)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n libruby3.0 3.0.2-7ubuntu2.1\n ruby3.0 3.0.2-7ubuntu2.1\n\nUbuntu 21.10:\n libruby2.7 2.7.4-1ubuntu3.2\n ruby2.7 2.7.4-1ubuntu3.2\n\nUbuntu 20.04 LTS:\n libruby2.7 2.7.0-5ubuntu1.7\n ruby2.7 2.7.0-5ubuntu1.7\n\nUbuntu 18.04 LTS:\n libruby2.5 2.5.1-1ubuntu1.12\n ruby2.5 2.5.1-1ubuntu1.12\n\nIn general, a standard system update will make all the necessary changes. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202401-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Ruby: Multiple vulnerabilities\n Date: January 24, 2024\n Bugs: #747007, #801061, #827251, #838073, #882893, #903630\n ID: 202401-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in Ruby, the worst of\nwhich could lead to execution of arbitrary code. It comes bundled with a HTTP server (\"WEBrick\"). \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n------------- ------------ ------------\ndev-lang/ruby \u003c 2.5.9:2.5 Vulnerable!\n \u003c 2.6.10:2.6 Vulnerable!\n \u003c 2.7.8:2.7 Vulnerable!\n \u003c 3.0.6:3.0 Vulnerable!\n \u003c 3.1.4:3.1 \u003e= 3.1.4:3.1\n \u003c 3.2.2:3.2 \u003e= 3.2.2:3.2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Ruby. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Ruby users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --depclean ruby:2.5 ruby:2.6 ruby:2.7 ruby:3.0\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/ruby-3.1.4:3.1\"\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/ruby-3.2.2:3.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-25613\n https://nvd.nist.gov/vuln/detail/CVE-2020-25613\n[ 2 ] CVE-2021-31810\n https://nvd.nist.gov/vuln/detail/CVE-2021-31810\n[ 3 ] CVE-2021-32066\n https://nvd.nist.gov/vuln/detail/CVE-2021-32066\n[ 4 ] CVE-2021-33621\n https://nvd.nist.gov/vuln/detail/CVE-2021-33621\n[ 5 ] CVE-2021-41816\n https://nvd.nist.gov/vuln/detail/CVE-2021-41816\n[ 6 ] CVE-2021-41817\n https://nvd.nist.gov/vuln/detail/CVE-2021-41817\n[ 7 ] CVE-2021-41819\n https://nvd.nist.gov/vuln/detail/CVE-2021-41819\n[ 8 ] CVE-2022-28738\n https://nvd.nist.gov/vuln/detail/CVE-2022-28738\n[ 9 ] CVE-2022-28739\n https://nvd.nist.gov/vuln/detail/CVE-2022-28739\n[ 10 ] CVE-2023-28755\n https://nvd.nist.gov/vuln/detail/CVE-2023-28755\n[ 11 ] CVE-2023-28756\n https://nvd.nist.gov/vuln/detail/CVE-2023-28756\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202401-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1\n\nmacOS Big Sur 11.7.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213493. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: macOS Big Sur\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nppp\nAvailable for: macOS Big Sur\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. 
\nCVE-2022-32862: an anonymous researcher\n\nzlib\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nmacOS Big Sur 11.7.1 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nAdditional recognition\n\nCalendar\nWe would like to acknowledge an anonymous researcher for their\nassistance. ==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ruby:2.6 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:5338-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5338\nIssue date: 2022-06-28\nCVE Names: CVE-2022-28739\n====================================================================\n1. Summary:\n\nAn update for the ruby:2.6 module is now available for Red Hat Enterprise\nLinux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to perform system management tasks. \n\nThe following packages have been upgraded to a later upstream version: ruby\n(2.6.10). 
(BZ#2089374)\n\nSecurity Fix(es):\n\n* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion\n2089374 - ruby:2.6/ruby: Rebase to the latest Ruby 2.6 point release [rhel-8] [rhel-8.6.0.z]\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-28739\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-28739"
},
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "PACKETSTORM",
"id": "168357"
},
{
"db": "PACKETSTORM",
"id": "167421"
},
{
"db": "PACKETSTORM",
"id": "176686"
},
{
"db": "PACKETSTORM",
"id": "169553"
},
{
"db": "PACKETSTORM",
"id": "169577"
},
{
"db": "PACKETSTORM",
"id": "169552"
},
{
"db": "PACKETSTORM",
"id": "167654"
},
{
"db": "PACKETSTORM",
"id": "167425"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-28739",
"trust": 2.5
},
{
"db": "HACKERONE",
"id": "1248108",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "167425",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167654",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169577",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168360",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168691",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022041404",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060723",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070105",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4673",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5061",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3320",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5301",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168445",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168357",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169553",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169552",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167421",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168692",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169566",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-420273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176686",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "PACKETSTORM",
"id": "168357"
},
{
"db": "PACKETSTORM",
"id": "167421"
},
{
"db": "PACKETSTORM",
"id": "176686"
},
{
"db": "PACKETSTORM",
"id": "169553"
},
{
"db": "PACKETSTORM",
"id": "169577"
},
{
"db": "PACKETSTORM",
"id": "169552"
},
{
"db": "PACKETSTORM",
"id": "167654"
},
{
"db": "PACKETSTORM",
"id": "167425"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"id": "VAR-202204-0855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T22:13:05.435000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ruby Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193537"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/29"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/30"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/42"
},
{
"trust": 1.7,
"url": "https://hackerone.com/reports/1248108"
},
{
"trust": 1.7,
"url": "https://security-tracker.debian.org/tracker/cve-2022-28739"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220624-0002/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213493"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213494"
},
{
"trust": 1.7,
"url": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202401-27"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28739"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2802"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168360/red-hat-security-advisory-2022-6447-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167425/ubuntu-security-notice-usn-5462-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060723"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041404"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168445/red-hat-security-advisory-2022-6585-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3320"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168691/red-hat-security-advisory-2022-6856-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5061"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213494"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169577/apple-security-advisory-2022-10-27-8.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167654/red-hat-security-advisory-2022-5338-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4673"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/ruby-buffer-overflow-via-string-to-float-conversion-38079"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070105"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-28739/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28738"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32862"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42825"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28739"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41817"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41819"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5462-1"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213493."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28738"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41817"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.7/2.7.4-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.7"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28756"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31810"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28755"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32944"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32941"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213494."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5338"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5462-2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "PACKETSTORM",
"id": "168357"
},
{
"db": "PACKETSTORM",
"id": "167421"
},
{
"db": "PACKETSTORM",
"id": "176686"
},
{
"db": "PACKETSTORM",
"id": "169553"
},
{
"db": "PACKETSTORM",
"id": "169577"
},
{
"db": "PACKETSTORM",
"id": "169552"
},
{
"db": "PACKETSTORM",
"id": "167654"
},
{
"db": "PACKETSTORM",
"id": "167425"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "PACKETSTORM",
"id": "168357"
},
{
"db": "PACKETSTORM",
"id": "167421"
},
{
"db": "PACKETSTORM",
"id": "176686"
},
{
"db": "PACKETSTORM",
"id": "169553"
},
{
"db": "PACKETSTORM",
"id": "169577"
},
{
"db": "PACKETSTORM",
"id": "169552"
},
{
"db": "PACKETSTORM",
"id": "167654"
},
{
"db": "PACKETSTORM",
"id": "167425"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-09T00:00:00",
"db": "VULHUB",
"id": "VHN-420273"
},
{
"date": "2022-09-13T15:43:25",
"db": "PACKETSTORM",
"id": "168357"
},
{
"date": "2022-06-07T15:13:54",
"db": "PACKETSTORM",
"id": "167421"
},
{
"date": "2024-01-24T15:01:18",
"db": "PACKETSTORM",
"id": "176686"
},
{
"date": "2022-10-31T14:19:37",
"db": "PACKETSTORM",
"id": "169553"
},
{
"date": "2022-10-31T14:43:13",
"db": "PACKETSTORM",
"id": "169577"
},
{
"date": "2022-10-31T14:19:21",
"db": "PACKETSTORM",
"id": "169552"
},
{
"date": "2022-07-01T14:58:20",
"db": "PACKETSTORM",
"id": "167654"
},
{
"date": "2022-06-07T15:15:31",
"db": "PACKETSTORM",
"id": "167425"
},
{
"date": "2022-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"date": "2022-05-09T18:15:08.540000",
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-420273"
},
{
"date": "2023-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"date": "2025-11-04T16:15:48.840000",
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruby Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
}
],
"trust": 0.6
}
}