跳转到帖子

Ubuntu: USN-6838-1 (CVE-2024-27282): Ruby vulnerabilities

recommended_posts

发布于
  • Members

Ubuntu: USN-6838-1 (CVE-2024-27282): Ruby vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
05/14/2024
Created
06/21/2024
Added
06/21/2024
Modified
10/23/2024

Description

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

Solution(s)

  • ubuntu-upgrade-libruby2-7
  • ubuntu-upgrade-libruby3-0
  • ubuntu-upgrade-libruby3-1
  • ubuntu-upgrade-libruby3-2
  • ubuntu-upgrade-ruby2-7
  • ubuntu-upgrade-ruby3-0
  • ubuntu-upgrade-ruby3-1
  • ubuntu-upgrade-ruby3-2

References

  • https://attackerkb.com/topics/cve-2024-27282
  • CVE - 2024-27282
  • USN-6838-1
  • 查看数 705
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…