Description

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

Remediation

References

CVE-2022-28738

Related Vulnerabilities

Resin Application Server Other Vulnerability (CVE-2012-2966)

Oracle Application Server CVE-2002-1637 Vulnerability (CVE-2002-1637)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0737)

Drupal Core 8.7.x Cross-Site Scripting (8.7.0 - 8.7.11)

MySQL CVE-2024-21163 Vulnerability (CVE-2024-21163)

Severity

Critical

Classification

CVE-2022-28738 CWE-415 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities