CVE-2022-28738
published 2022-05-09CVE-2022-28738: A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user…
PriorityP348critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.57%
83.2th percentile
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby2.7 | — | — |
| ruby-lang | ruby | >= 0 < 3.0.4-r0 | 3.0.4-r0 |
| ruby-lang | ruby | >= 0 < 3.1.2-r0 | 3.1.2-r0 |
| ruby-lang | ruby | >= 0 < 3.1.2-r0 | 3.1.2-r0 |
| ruby-lang | ruby | >= 0 < 3.1.2-r0 | 3.1.2-r0 |
| ruby-lang | ruby | >= 0 < 3.1.2-r0 | 3.1.2-r0 |
| ruby-lang | ruby | >= 0 < 3.1.2-r0 | 3.1.2-r0 |
| ruby-lang | ruby | >= 0 < 3.1.2-r0 | 3.1.2-r0 |
| ruby-lang | ruby | >= 0 < 3.1.2-r0 | 3.1.2-r0 |
| ruby-lang | ruby | >= 0 < 3.1.2-r0 | 3.1.2-r0 |
| ruby-lang | ruby | >= 3.0.0 < 3.0.4 | 3.0.4 |
| ruby-lang | ruby | >= 3.1.0 < 3.1.2 | 3.1.2 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8LOW
vendor_oracle9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics·2024-02-15
Siemens SCALANCE XCM-/XRM-300
ICS Advisory
##
Siemens SCALANCE XCM-/XRM-300
Release DateFebruary 15, 2024
Alert CodeICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Oracle
Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud Manager (Ruby) — CVE-2022-28738
vendor_oracle·2023-04-15·CVSS 9.8
CVE-2022-28738 [CRITICAL] Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud Manager (Ruby) — CVE-2022-28738
Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud Manager (Ruby) vulnerability
CVE: CVE-2022-28738
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2022-06-06·CVSS 7.5
CVE-2022-28739 [HIGH] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (2022-28738)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-28739)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Ruby: Double free in Regexp compilation
vendor_redhat·2022-04-14·CVSS 9.8
CVE-2022-28738 [CRITICAL] CWE-415 Ruby: Double free in Regexp compilation
Ruby: Double free in Regexp compilation
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice.
Statement: Ruby 2.6 series and 2.7 series are not affected.
Package: ruby (Red Hat Enterprise Linux 6) - Not affected
Package: ruby (Red Hat Enterprise Linux 7) - Not affected
Package: ruby:2.5/ruby (Red Hat Enterprise Linux 8) - Not affected
Package: ruby:2.6/ruby (Red Hat Enterprise Linux 8) - N
Debian
CVE-2022-28738: ruby2.7 - A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1....
vendor_debian·2022·CVSS 9.8
CVE-2022-28738 [CRITICAL] CVE-2022-28738: ruby2.7 - A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1....
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Scope: local
bullseye: resolved
OSV
ruby2.5, ruby2.7, ruby3.0 vulnerabilities
osv·2022-06-06·CVSS 9.8
CVE-2022-28738 [CRITICAL] ruby2.5, ruby2.7, ruby3.0 vulnerabilities
ruby2.5, ruby2.7, ruby3.0 vulnerabilities
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-28739)
GHSA
GHSA-8pqg-8p79-j5j8: A double free was found in the Regexp compiler in Ruby 3
ghsa_unreviewed·2022-05-10
CVE-2022-28738 [CRITICAL] CWE-415 GHSA-8pqg-8p79-j5j8: A double free was found in the Regexp compiler in Ruby 3
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
OSV
CVE-2022-28738: A double free was found in the Regexp compiler in Ruby 3
osv·2022-05-09·CVSS 9.8
CVE-2022-28738 [CRITICAL] CVE-2022-28738: A double free was found in the Regexp compiler in Ruby 3
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
No detection rules found.
No public exploits indexed.
https://hackerone.com/reports/1220911https://security-tracker.debian.org/tracker/CVE-2022-28738https://security.gentoo.org/glsa/202401-27https://security.netapp.com/advisory/ntap-20220624-0002/https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/https://hackerone.com/reports/1220911https://security-tracker.debian.org/tracker/CVE-2022-28738https://security.gentoo.org/glsa/202401-27https://security.netapp.com/advisory/ntap-20220624-0002/https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/
2022-05-09
Published