跳转到帖子

Oracle Linux: CVE-2023-28755: ELSA-2023-7025: ruby:2.5 security update (MODERATE) (Multiple Advisories)

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Oracle Linux: CVE-2023-28755: ELSA-2023-7025:ruby:2.5 security update (MODERATE) (Multiple Advisories)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
03/21/2023
Created
07/10/2023
Added
07/08/2023
Modified
01/08/2025

Description

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service (ReDoS).

Solution(s)

  • oracle-linux-upgrade-ruby
  • oracle-linux-upgrade-ruby-bundled-gems
  • oracle-linux-upgrade-ruby-default-gems
  • oracle-linux-upgrade-ruby-devel
  • oracle-linux-upgrade-ruby-doc
  • oracle-linux-upgrade-rubygem-abrt
  • oracle-linux-upgrade-rubygem-abrt-doc
  • oracle-linux-upgrade-rubygem-bigdecimal
  • oracle-linux-upgrade-rubygem-bson
  • oracle-linux-upgrade-rubygem-bson-doc
  • oracle-linux-upgrade-rubygem-bundler
  • oracle-linux-upgrade-rubygem-bundler-doc
  • oracle-linux-upgrade-rubygem-did-you-mean
  • oracle-linux-upgrade-rubygem-io-console
  • oracle-linux-upgrade-rubygem-irb
  • oracle-linux-upgrade-rubygem-json
  • oracle-linux-upgrade-rubygem-minitest
  • oracle-linux-upgrade-rubygem-mongo
  • oracle-linux-upgrade-rubygem-mongo-doc
  • oracle-linux-upgrade-rubygem-mysql2
  • oracle-linux-upgrade-rubygem-mysql2-doc
  • oracle-linux-upgrade-rubygem-net-telnet
  • oracle-linux-upgrade-rubygem-openssl
  • oracle-linux-upgrade-rubygem-pg
  • oracle-linux-upgrade-rubygem-pg-doc
  • oracle-linux-upgrade-rubygem-power-assert
  • oracle-linux-upgrade-rubygem-psych
  • oracle-linux-upgrade-rubygem-rake
  • oracle-linux-upgrade-rubygem-rbs
  • oracle-linux-upgrade-rubygem-rdoc
  • oracle-linux-upgrade-rubygem-rexml
  • oracle-linux-upgrade-rubygem-rss
  • oracle-linux-upgrade-rubygems
  • oracle-linux-upgrade-rubygems-devel
  • oracle-linux-upgrade-rubygem-test-unit
  • oracle-linux-upgrade-rubygem-typeprof
  • oracle-linux-upgrade-rubygem-xmlrpc
  • oracle-linux-upgrade-ruby-irb
  • oracle-linux-upgrade-ruby-libs

References

  • https://attackerkb.com/topics/cve-2023-28755
  • CVE - 2023-28755
  • ELSA-2023-7025
  • ELSA-2024-3500
  • ELSA-2024-1431
  • ELSA-2024-1576
  • ELSA-2024-3838
  • ELSA-2023-3821
View more
  • 查看数 715
  • 已创建
  • 最后回复
转到主题列表