发布于3月6日3月6日 Members Oracle Linux: CVE-2023-28756: ELSA-2023-7025:ruby:2.5 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/21/2023 Created 07/10/2023 Added 07/08/2023 Modified 01/08/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS). Solution(s) oracle-linux-upgrade-ruby oracle-linux-upgrade-ruby-bundled-gems oracle-linux-upgrade-ruby-default-gems oracle-linux-upgrade-ruby-devel oracle-linux-upgrade-ruby-doc oracle-linux-upgrade-rubygem-abrt oracle-linux-upgrade-rubygem-abrt-doc oracle-linux-upgrade-rubygem-bigdecimal oracle-linux-upgrade-rubygem-bson oracle-linux-upgrade-rubygem-bson-doc oracle-linux-upgrade-rubygem-bundler oracle-linux-upgrade-rubygem-bundler-doc oracle-linux-upgrade-rubygem-did-you-mean oracle-linux-upgrade-rubygem-io-console oracle-linux-upgrade-rubygem-irb oracle-linux-upgrade-rubygem-json oracle-linux-upgrade-rubygem-minitest oracle-linux-upgrade-rubygem-mongo oracle-linux-upgrade-rubygem-mongo-doc oracle-linux-upgrade-rubygem-mysql2 oracle-linux-upgrade-rubygem-mysql2-doc oracle-linux-upgrade-rubygem-net-telnet oracle-linux-upgrade-rubygem-openssl oracle-linux-upgrade-rubygem-pg oracle-linux-upgrade-rubygem-pg-doc oracle-linux-upgrade-rubygem-power-assert oracle-linux-upgrade-rubygem-psych oracle-linux-upgrade-rubygem-rake oracle-linux-upgrade-rubygem-rbs oracle-linux-upgrade-rubygem-rdoc oracle-linux-upgrade-rubygem-rexml oracle-linux-upgrade-rubygem-rss oracle-linux-upgrade-rubygems oracle-linux-upgrade-rubygems-devel oracle-linux-upgrade-rubygem-test-unit oracle-linux-upgrade-rubygem-typeprof oracle-linux-upgrade-rubygem-xmlrpc oracle-linux-upgrade-ruby-irb oracle-linux-upgrade-ruby-libs References https://attackerkb.com/topics/cve-2023-28756 CVE - 2023-28756 ELSA-2023-7025 ELSA-2024-3500 ELSA-2024-1431 ELSA-2024-1576 ELSA-2024-3838 ELSA-2023-3821 View more
