VAR-202204-0855
Vulnerability from variot - Updated: 2026-04-10 23:12
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. Ruby contains an out-of-bounds read vulnerability. Information may be obtained.
7) - noarch, x86_64
Bug Fix(es):
- rh-ruby30 ruby: User-installed rubygems plugins are not being loaded (BZ#2128629)
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ruby security, bug fix, and enhancement update
Advisory ID: RHSA-2022:6585-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6585
Issue date: 2022-09-20
CVE Names: CVE-2022-28738 CVE-2022-28739
====================================================================
1. Summary:
An update for ruby is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 9) - noarch
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109428)
Security Fix(es):
- Ruby: Double free in Regexp compilation (CVE-2022-28738)
- Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation
2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion
2109428 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-9] [rhel-9.0.0.z]
6. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source: ruby-3.0.4-160.el9_0.src.rpm
aarch64: ruby-3.0.4-160.el9_0.aarch64.rpm ruby-debuginfo-3.0.4-160.el9_0.aarch64.rpm ruby-debugsource-3.0.4-160.el9_0.aarch64.rpm ruby-devel-3.0.4-160.el9_0.aarch64.rpm ruby-libs-3.0.4-160.el9_0.aarch64.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.aarch64.rpm rubygem-bigdecimal-3.0.0-160.el9_0.aarch64.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.aarch64.rpm rubygem-io-console-0.5.7-160.el9_0.aarch64.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.aarch64.rpm rubygem-json-2.5.1-160.el9_0.aarch64.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.aarch64.rpm rubygem-psych-3.3.2-160.el9_0.aarch64.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.aarch64.rpm
noarch: ruby-default-gems-3.0.4-160.el9_0.noarch.rpm rubygem-bundler-2.2.33-160.el9_0.noarch.rpm rubygem-irb-1.3.5-160.el9_0.noarch.rpm rubygem-minitest-5.14.2-160.el9_0.noarch.rpm rubygem-power_assert-1.2.0-160.el9_0.noarch.rpm rubygem-rake-13.0.3-160.el9_0.noarch.rpm rubygem-rbs-1.4.0-160.el9_0.noarch.rpm rubygem-rdoc-6.3.3-160.el9_0.noarch.rpm rubygem-rexml-3.2.5-160.el9_0.noarch.rpm rubygem-rss-0.2.9-160.el9_0.noarch.rpm rubygem-test-unit-3.3.7-160.el9_0.noarch.rpm rubygem-typeprof-0.15.2-160.el9_0.noarch.rpm rubygems-3.2.33-160.el9_0.noarch.rpm rubygems-devel-3.2.33-160.el9_0.noarch.rpm
ppc64le: ruby-3.0.4-160.el9_0.ppc64le.rpm ruby-debuginfo-3.0.4-160.el9_0.ppc64le.rpm ruby-debugsource-3.0.4-160.el9_0.ppc64le.rpm ruby-devel-3.0.4-160.el9_0.ppc64le.rpm ruby-libs-3.0.4-160.el9_0.ppc64le.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.ppc64le.rpm rubygem-bigdecimal-3.0.0-160.el9_0.ppc64le.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.ppc64le.rpm rubygem-io-console-0.5.7-160.el9_0.ppc64le.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.ppc64le.rpm rubygem-json-2.5.1-160.el9_0.ppc64le.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.ppc64le.rpm rubygem-psych-3.3.2-160.el9_0.ppc64le.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.ppc64le.rpm
s390x: ruby-3.0.4-160.el9_0.s390x.rpm ruby-debuginfo-3.0.4-160.el9_0.s390x.rpm ruby-debugsource-3.0.4-160.el9_0.s390x.rpm ruby-devel-3.0.4-160.el9_0.s390x.rpm ruby-libs-3.0.4-160.el9_0.s390x.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.s390x.rpm rubygem-bigdecimal-3.0.0-160.el9_0.s390x.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.s390x.rpm rubygem-io-console-0.5.7-160.el9_0.s390x.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.s390x.rpm rubygem-json-2.5.1-160.el9_0.s390x.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.s390x.rpm rubygem-psych-3.3.2-160.el9_0.s390x.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.s390x.rpm
x86_64: ruby-3.0.4-160.el9_0.i686.rpm ruby-3.0.4-160.el9_0.x86_64.rpm ruby-debuginfo-3.0.4-160.el9_0.i686.rpm ruby-debuginfo-3.0.4-160.el9_0.x86_64.rpm ruby-debugsource-3.0.4-160.el9_0.i686.rpm ruby-debugsource-3.0.4-160.el9_0.x86_64.rpm ruby-devel-3.0.4-160.el9_0.i686.rpm ruby-devel-3.0.4-160.el9_0.x86_64.rpm ruby-libs-3.0.4-160.el9_0.i686.rpm ruby-libs-3.0.4-160.el9_0.x86_64.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.i686.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.x86_64.rpm rubygem-bigdecimal-3.0.0-160.el9_0.x86_64.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.i686.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.x86_64.rpm rubygem-io-console-0.5.7-160.el9_0.x86_64.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.i686.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.x86_64.rpm rubygem-json-2.5.1-160.el9_0.x86_64.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.i686.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.x86_64.rpm rubygem-psych-3.3.2-160.el9_0.x86_64.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.i686.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 9):
noarch: ruby-doc-3.0.4-160.el9_0.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-28738
https://access.redhat.com/security/cve/CVE-2022-28739
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1
macOS Big Sur 11.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213493.
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed by removing additional entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative
Entry added October 27, 2022
Kernel
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
ppp
Available for: macOS Big Sur
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022
Ruby
Available for: macOS Big Sur
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10.
CVE-2022-28739
Sandbox
Available for: macOS Big Sur
Impact: An app with root privileges may be able to access private information
Description: This issue was addressed with improved data protection.
CVE-2022-32862: an anonymous researcher
zlib
Available for: macOS Big Sur
Impact: A user may be able to cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
macOS Big Sur 11.7.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
CVE-2022-32862: an anonymous researcher
Additional recognition
Calendar
We would like to acknowledge an anonymous researcher for their assistance.
==========================================================================
Ubuntu Security Notice USN-5462-2
June 06, 2022
ruby2.3 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Ruby could be made to crash or read sensitive information when processing certain input. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM:
libruby2.3 2.3.1-2~ubuntu16.04.16+esm3
ruby2.3 2.3.1-2~ubuntu16.04.16+esm3
In general, a standard system update will make all the necessary changes
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ruby",
"scope": "lt",
"trust": 1.0,
"vendor": "ruby lang",
"version": "3.1.2"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"_id": null,
"model": "ruby",
"scope": "gte",
"trust": 1.0,
"vendor": "ruby lang",
"version": "3.1.0"
},
{
"_id": null,
"model": "ruby",
"scope": "lt",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.6.10"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7.1"
},
{
"_id": null,
"model": "ruby",
"scope": "lt",
"trust": 1.0,
"vendor": "ruby lang",
"version": "3.0.4"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"_id": null,
"model": "ruby",
"scope": "lt",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.7.6"
},
{
"_id": null,
"model": "ruby",
"scope": "gte",
"trust": 1.0,
"vendor": "ruby lang",
"version": "3.0.0"
},
{
"_id": null,
"model": "ruby",
"scope": "gte",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.7.0"
},
{
"_id": null,
"model": "ruby",
"scope": null,
"trust": 0.8,
"vendor": "ruby lang",
"version": null
},
{
"_id": null,
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011215"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168692"
},
{
"db": "PACKETSTORM",
"id": "168445"
},
{
"db": "PACKETSTORM",
"id": "167654"
}
],
"trust": 0.3
},
"cve": "CVE-2022-28739",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-28739",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-420273",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-28739",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-28739",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-28739",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-28739",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3369",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-420273",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011215"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"description": {
"_id": null,
"data": "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. Ruby Exists in an out-of-bounds read vulnerability.Information may be obtained. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* rh-ruby30 ruby: User-installed rubygems plugins are not being loaded\n(BZ#2128629)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ruby security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:6585-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6585\nIssue date: 2022-09-20\nCVE Names: CVE-2022-28738 CVE-2022-28739\n====================================================================\n1. Summary:\n\nAn update for ruby is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 9) - noarch\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to perform system management tasks. \n\nThe following packages have been upgraded to a later upstream version: ruby\n(3.0.4). 
(BZ#2109428)\n\nSecurity Fix(es):\n\n* Ruby: Double free in Regexp compilation (CVE-2022-28738)\n\n* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation\n2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion\n2109428 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-9] [rhel-9.0.0.z]\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\nruby-3.0.4-160.el9_0.src.rpm\n\naarch64:\nruby-3.0.4-160.el9_0.aarch64.rpm\nruby-debuginfo-3.0.4-160.el9_0.aarch64.rpm\nruby-debugsource-3.0.4-160.el9_0.aarch64.rpm\nruby-devel-3.0.4-160.el9_0.aarch64.rpm\nruby-libs-3.0.4-160.el9_0.aarch64.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.aarch64.rpm\nrubygem-bigdecimal-3.0.0-160.el9_0.aarch64.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.aarch64.rpm\nrubygem-io-console-0.5.7-160.el9_0.aarch64.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.aarch64.rpm\nrubygem-json-2.5.1-160.el9_0.aarch64.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.aarch64.rpm\nrubygem-psych-3.3.2-160.el9_0.aarch64.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.aarch64.rpm\n\nnoarch:\nruby-default-gems-3.0.4-160.el9_0.noarch.rpm\nrubygem-bundler-2.2.33-160.el9_0.noarch.rpm\nrubygem-irb-1.3.5-160.el9_0.noarch.rpm\nrubygem-minitest-5.14.2-160.el9_0.noarch.rpm\nrubygem-power_assert-1.2.0-160.el9_0.noarch.rpm\nrubygem-rake-13.0.3-160.el9_0.noarch.rpm\nrubygem-rbs-1.4.0-160.el9_0.noarch.rpm\nrubygem-rdoc-6.3.3-160.el9_0.noarch.rpm\nrubygem-rexml-3.2.5-160.el9_0.noarch.rpm\nrubygem-
rss-0.2.9-160.el9_0.noarch.rpm\nrubygem-test-unit-3.3.7-160.el9_0.noarch.rpm\nrubygem-typeprof-0.15.2-160.el9_0.noarch.rpm\nrubygems-3.2.33-160.el9_0.noarch.rpm\nrubygems-devel-3.2.33-160.el9_0.noarch.rpm\n\nppc64le:\nruby-3.0.4-160.el9_0.ppc64le.rpm\nruby-debuginfo-3.0.4-160.el9_0.ppc64le.rpm\nruby-debugsource-3.0.4-160.el9_0.ppc64le.rpm\nruby-devel-3.0.4-160.el9_0.ppc64le.rpm\nruby-libs-3.0.4-160.el9_0.ppc64le.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.ppc64le.rpm\nrubygem-bigdecimal-3.0.0-160.el9_0.ppc64le.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.ppc64le.rpm\nrubygem-io-console-0.5.7-160.el9_0.ppc64le.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.ppc64le.rpm\nrubygem-json-2.5.1-160.el9_0.ppc64le.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.ppc64le.rpm\nrubygem-psych-3.3.2-160.el9_0.ppc64le.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.ppc64le.rpm\n\ns390x:\nruby-3.0.4-160.el9_0.s390x.rpm\nruby-debuginfo-3.0.4-160.el9_0.s390x.rpm\nruby-debugsource-3.0.4-160.el9_0.s390x.rpm\nruby-devel-3.0.4-160.el9_0.s390x.rpm\nruby-libs-3.0.4-160.el9_0.s390x.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.s390x.rpm\nrubygem-bigdecimal-3.0.0-160.el9_0.s390x.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.s390x.rpm\nrubygem-io-console-0.5.7-160.el9_0.s390x.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.s390x.rpm\nrubygem-json-2.5.1-160.el9_0.s390x.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.s390x.rpm\nrubygem-psych-3.3.2-160.el9_0.s390x.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.s390x.rpm\n\nx86_64:\nruby-3.0.4-160.el9_0.i686.rpm\nruby-3.0.4-160.el9_0.x86_64.rpm\nruby-debuginfo-3.0.4-160.el9_0.i686.rpm\nruby-debuginfo-3.0.4-160.el9_0.x86_64.rpm\nruby-debugsource-3.0.4-160.el9_0.i686.rpm\nruby-debugsource-3.0.4-160.el9_0.x86_64.rpm\nruby-devel-3.0.4-160.el9_0.i686.rpm\nruby-devel-3.0.4-160.el9_0.x86_64.rpm\nruby-libs-3.0.4-160.el9_0.i686.rpm\nruby-libs-3.0.4-160.el9_0.x86_64.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.i686.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.x86_64.rpm\nr
ubygem-bigdecimal-3.0.0-160.el9_0.x86_64.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.i686.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.x86_64.rpm\nrubygem-io-console-0.5.7-160.el9_0.x86_64.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.i686.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.x86_64.rpm\nrubygem-json-2.5.1-160.el9_0.x86_64.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.i686.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.x86_64.rpm\nrubygem-psych-3.3.2-160.el9_0.x86_64.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.i686.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 9):\n\nnoarch:\nruby-doc-3.0.4-160.el9_0.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-28738\nhttps://access.redhat.com/security/cve/CVE-2022-28739\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYypfvtzjgjWX9erEAQjaXQ/+LfzraWPwLDEBfxU87XekVmDQn/KHLw0Q\nTPgRpDtvfVkmSDDCEvYvvMOYSW3MdNmNJOwPhQyJT3cBrq0zHUog0ejoJO5jV3B1\nrOStJ/EfwskmCVaPehhJvGfrKVr2l6Uo8SH0zrLMKBtqd42/GrO2eiDs/xxhVq5U\nwvgecfUQY8lfpJ25ELa/081aAe4Cg4NN7WShf7DFJ2tw+f/IguCWi+CHZoavv3AQ\nT7So/dbIjFJmliaPcTkvW02m+JHxNGduXJfelMXB72eyJR7/jEK7OvfE89a18yZ8\nP38biUIPZFNaLW1SN62GnA8Qby6g9C/1x+pXssEQ6fo1qJPk/bW6qYfPWWM4Op5N\nVsTFDx7EAZRCQFnyczTcaUE7g9s4ZovK4qMqTZq9BhP25m9yisvV1jizNpSU6vMi\nh37/Mi0gcOOcjbtj8Nlbtx+QsHFJvOgTjDIiwPVllMpxygWjSRRnR+LBoTHCPlP2\nZG5q8MGwZAIfzKSP9Fjg58rJoiWnzyJWFLEym38lfrrjch21CtgaKm28wrKQ18PC\n7GQ/A/rARWMfAKnFYEO4zF07kidgTwyVJI5RJv8b9x4vLo7/G80CVDXIYjEDP4FR\n7fNpEfc9/owximR5WpTds3GfzTDSKzNonHX/oNhIaJLkQ27RTSPXORzxtAsz2a6j\njbIYxx9rQto=komJ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1\n\nmacOS Big Sur 11.7.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213493. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: macOS Big Sur\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. 
\nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nppp\nAvailable for: macOS Big Sur\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nzlib\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nmacOS Big Sur 11.7.1 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \nCVE-2022-32862: an anonymous researcher\n\nAdditional recognition\n\nCalendar\nWe would like to acknowledge an anonymous researcher for their\nassistance. 
==========================================================================\nUbuntu Security Notice USN-5462-2\nJune 06, 2022\n\nruby2.3 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nRuby could be made to crash or read sensitive information when\nprocessing certain input. This update provides\nthe corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\nIt was discovered that Ruby incorrectly handled certain inputs. \nAn attacker could possibly use this issue to expose sensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n libruby2.3 2.3.1-2~ubuntu16.04.16+esm3\n ruby2.3 2.3.1-2~ubuntu16.04.16+esm3\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-28739"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011215"
},
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "PACKETSTORM",
"id": "168692"
},
{
"db": "PACKETSTORM",
"id": "168445"
},
{
"db": "PACKETSTORM",
"id": "169553"
},
{
"db": "PACKETSTORM",
"id": "169577"
},
{
"db": "PACKETSTORM",
"id": "169552"
},
{
"db": "PACKETSTORM",
"id": "167654"
},
{
"db": "PACKETSTORM",
"id": "167425"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-28739",
"trust": 4.0
},
{
"db": "HACKERONE",
"id": "1248108",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "167425",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167654",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169577",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-11",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011215",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168360",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168691",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168445",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022041404",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060723",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070105",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4673",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5061",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3320",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5301",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169553",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168692",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169552",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168357",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167421",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169566",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-420273",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "PACKETSTORM",
"id": "168692"
},
{
"db": "PACKETSTORM",
"id": "168445"
},
{
"db": "PACKETSTORM",
"id": "169553"
},
{
"db": "PACKETSTORM",
"id": "169577"
},
{
"db": "PACKETSTORM",
"id": "169552"
},
{
"db": "PACKETSTORM",
"id": "167654"
},
{
"db": "PACKETSTORM",
"id": "167425"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011215"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"id": "VAR-202204-0855",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:12:11.778000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HT213493 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html"
},
{
"title": "Ruby Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193537"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011215"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011215"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/29"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/30"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/42"
},
{
"trust": 1.7,
"url": "https://hackerone.com/reports/1248108"
},
{
"trust": 1.7,
"url": "https://security-tracker.debian.org/tracker/cve-2022-28739"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220624-0002/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213493"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213494"
},
{
"trust": 1.7,
"url": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28739"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202401-27"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2802"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168360/red-hat-security-advisory-2022-6447-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167425/ubuntu-security-notice-usn-5462-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060723"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041404"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168445/red-hat-security-advisory-2022-6585-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3320"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168691/red-hat-security-advisory-2022-6856-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5061"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213494"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169577/apple-security-advisory-2022-10-27-8.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167654/red-hat-security-advisory-2022-5338-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4673"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/ruby-buffer-overflow-via-string-to-float-conversion-38079"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070105"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-28739/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28739"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32862"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42825"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28738"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28738"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213493."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6855"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41817"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6585"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32944"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32941"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213494."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5338"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5462-2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5462-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420273"
},
{
"db": "PACKETSTORM",
"id": "168692"
},
{
"db": "PACKETSTORM",
"id": "168445"
},
{
"db": "PACKETSTORM",
"id": "169553"
},
{
"db": "PACKETSTORM",
"id": "169577"
},
{
"db": "PACKETSTORM",
"id": "169552"
},
{
"db": "PACKETSTORM",
"id": "167654"
},
{
"db": "PACKETSTORM",
"id": "167425"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011215"
},
{
"db": "NVD",
"id": "CVE-2022-28739"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-420273",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168692",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168445",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169553",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169577",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169552",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167654",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167425",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3369",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011215",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-28739",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-05-09T00:00:00",
"db": "VULHUB",
"id": "VHN-420273",
"ident": null
},
{
"date": "2022-10-11T16:06:57",
"db": "PACKETSTORM",
"id": "168692",
"ident": null
},
{
"date": "2022-09-21T13:50:28",
"db": "PACKETSTORM",
"id": "168445",
"ident": null
},
{
"date": "2022-10-31T14:19:37",
"db": "PACKETSTORM",
"id": "169553",
"ident": null
},
{
"date": "2022-10-31T14:43:13",
"db": "PACKETSTORM",
"id": "169577",
"ident": null
},
{
"date": "2022-10-31T14:19:21",
"db": "PACKETSTORM",
"id": "169552",
"ident": null
},
{
"date": "2022-07-01T14:58:20",
"db": "PACKETSTORM",
"id": "167654",
"ident": null
},
{
"date": "2022-06-07T15:15:31",
"db": "PACKETSTORM",
"id": "167425",
"ident": null
},
{
"date": "2022-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3369",
"ident": null
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011215",
"ident": null
},
{
"date": "2022-05-09T18:15:08.540000",
"db": "NVD",
"id": "CVE-2022-28739",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-420273",
"ident": null
},
{
"date": "2023-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3369",
"ident": null
},
{
"date": "2024-02-19T06:51:00",
"db": "JVNDB",
"id": "JVNDB-2022-011215",
"ident": null
},
{
"date": "2025-11-04T16:15:48.840000",
"db": "NVD",
"id": "CVE-2022-28739",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Ruby\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011215"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3369"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.