CVE-2022-28739
Published 2022-05-09
CVE-2022-28739: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion…
Priority P3 · 43 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 3.87% (88.9th percentile)
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | >= 11.0 < 11.7.1 | 11.7.1 |
| apple | macos | >= 12.0 < 12.6.1 | 12.6.1 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | ruby2.7 | < ruby2.7 2.7.4-1+deb11u2 (bullseye) | ruby2.7 2.7.4-1+deb11u2 (bullseye) |
| msrc | cm1_ruby_2.6.10-1_on_cbl_mariner_1.0 | — | — |
| ruby-lang | ruby | < 2.6.10 | 2.6.10 |
| ruby-lang | ruby | >= 2.7.0 < 2.7.6 | 2.7.6 |
| ruby-lang | ruby | >= 3.0.0 < 3.0.4 | 3.0.4 |
| ruby-lang | ruby | >= 3.1.0 < 3.1.2 | 3.1.2 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | 9.8 | CRITICAL | — |
| vendor_debian | 7.5 | HIGH | — |
| vendor_msrc | 7.5 | HIGH | — |
| vendor_redhat | 7.5 | HIGH | — |
| vendor_ubuntu | 7.5 | HIGH | — |
OSV
ruby2.5, ruby2.7, ruby3.0 vulnerabilities
osv · 2022-06-06 · CVSS 9.8
CVE-2022-28738 [CRITICAL]
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738)
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-28739)
OSV
ruby2.3 vulnerability
osv · 2022-06-06 · CVSS 7.5
CVE-2022-28739 [HIGH]
USN-5462-1 fixed several vulnerabilities in Ruby. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
GHSA
GHSA-mvgc-rxvg-hqc6
ghsa_unreviewed · 2022-05-10
CVE-2022-28739 [HIGH] CWE-125
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
OSV
CVE-2022-28739
osv · 2022-05-09 · CVSS 7.5
CVE-2022-28739 [HIGH]
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics · 2024-02-15
ICS Advisory: Siemens SCALANCE XCM-/XRM-300
Release Date: February 15, 2024
Alert Code: ICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Apple
CVE-2022-28739: macOS Ventura 13
vendor_apple · 2022-10-24 · CVSS 7.5
CVE-2022-28739 [HIGH]
Apple Security Update: About the security content of macOS Ventura 13
Product: macOS Ventura
Version: 13
CVE: CVE-2022-28739
Component: CVE-2022-28739
Apple
CVE-2022-28739: macOS Big Sur 11.7.1
vendor_apple · 2022-10-24 · CVSS 7.5
CVE-2022-28739 [HIGH]
Apple Security Update: About the security content of macOS Big Sur 11.7.1
Product: macOS Big Sur
Version: 11.7.1
CVE: CVE-2022-28739
Component: CVE-2022-28739
Apple
CVE-2022-28739: macOS Monterey 12.6.1
vendor_apple · 2022-10-24 · CVSS 7.5
CVE-2022-28739 [HIGH]
Apple Security Update: About the security content of macOS Monterey 12.6.1
Product: macOS Monterey
Version: 12.6.1
CVE: CVE-2022-28739
Component: CVE-2022-28739
Ubuntu
Ruby vulnerabilities
vendor_ubuntu · 2022-06-06 · CVSS 7.5
CVE-2022-28739 [HIGH]
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738)
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-28739)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Ruby vulnerability
vendor_ubuntu · 2022-06-06 · CVSS 7.5
CVE-2022-28739 [HIGH]
Title: Ruby vulnerability
Summary: Ruby could be made to crash or read sensitive information when processing certain input.
USN-5462-1 fixed several vulnerabilities in Ruby. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
Buffer over-read in Ruby String-to-Float conversion
vendor_msrc · 2022-05-10 · CVSS 7.5
CVE-2022-28739 [HIGH] CWE-125
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to ref
Red Hat
ruby: Buffer overrun in String-to-Float conversion
vendor_redhat · 2022-04-14 · CVSS 7.5
CVE-2022-28739 [HIGH] CWE-125
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
Package: ruby (Red Hat Enterprise Linux 6) - Out of support scope
Package: ruby (Red Hat Enterprise Linux 7) - Out of support scope
Debian
CVE-2022-28739: ruby2.7 - There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x befor...
vendor_debian · 2022 · CVSS 7.5
CVE-2022-28739 [HIGH]
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
Scope: local
bullseye: resolved (fixed in 2.7.4-1+deb11u2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://seclists.org/fulldisclosure/2022/Oct/28
- http://seclists.org/fulldisclosure/2022/Oct/29
- http://seclists.org/fulldisclosure/2022/Oct/30
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/42
- https://hackerone.com/reports/1248108
- https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html
- https://security-tracker.debian.org/tracker/CVE-2022-28739
- https://security.gentoo.org/glsa/202401-27
- https://security.netapp.com/advisory/ntap-20220624-0002/
- https://support.apple.com/kb/HT213488
- https://support.apple.com/kb/HT213493
- https://support.apple.com/kb/HT213494
- https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/