14 lines
1.1 KiB
JSON
14 lines
1.1 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1700",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1700",
|
|
"title": "An update for ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Moderate",
|
|
"description": "Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\r\n\r\nSecurity Fix(es):\r\n\r\nThere is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.(CVE-2022-28739)\r\n\r\nA double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.(CVE-2022-28738)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-28738",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28738",
|
|
"severity": "Moderate"
|
|
}
|
|
]
|
|
} |