Posted March 6

Amazon Linux 2023: CVE-2023-28756: Important priority package update for ruby3.2

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 03/21/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025

Description

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a regular expression denial of service (ReDoS).

Solution(s)

amazon-linux-2023-upgrade-ruby3-2
amazon-linux-2023-upgrade-ruby3-2-bundled-gems
amazon-linux-2023-upgrade-ruby3-2-bundled-gems-debuginfo
amazon-linux-2023-upgrade-ruby3-2-debuginfo
amazon-linux-2023-upgrade-ruby3-2-debugsource
amazon-linux-2023-upgrade-ruby3-2-default-gems
amazon-linux-2023-upgrade-ruby3-2-devel
amazon-linux-2023-upgrade-ruby3-2-doc
amazon-linux-2023-upgrade-ruby3-2-libs
amazon-linux-2023-upgrade-ruby3-2-libs-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal
amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-bundler
amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console
amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-irb
amazon-linux-2023-upgrade-ruby3-2-rubygem-json
amazon-linux-2023-upgrade-ruby3-2-rubygem-json-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-minitest
amazon-linux-2023-upgrade-ruby3-2-rubygem-power-assert
amazon-linux-2023-upgrade-ruby3-2-rubygem-psych
amazon-linux-2023-upgrade-ruby3-2-rubygem-psych-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-rake
amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs
amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-rdoc
amazon-linux-2023-upgrade-ruby3-2-rubygem-rexml
amazon-linux-2023-upgrade-ruby3-2-rubygem-rss
amazon-linux-2023-upgrade-ruby3-2-rubygems
amazon-linux-2023-upgrade-ruby3-2-rubygems-devel
amazon-linux-2023-upgrade-ruby3-2-rubygem-test-unit
amazon-linux-2023-upgrade-ruby3-2-rubygem-typeprof

References

https://attackerkb.com/topics/cve-2023-28756
CVE - 2023-28756
https://alas.aws.amazon.com/AL2023/ALAS-2023-158.html