FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ruby -- Buffer overrun in String-to-Float conversion

Affected packages
2.7.0,1 <= ruby < 2.7.6,1
3.0.0,1 <= ruby < 3.0.4,1
3.1.0,1 <= ruby < 3.1.2,1
3.2.0.p1,1 <= ruby < 3.2.0.p1_1,1
2.7.0,1 <= ruby27 < 2.7.6,1
3.0.0,1 <= ruby30 < 3.0.4,1
3.1.0,1 <= ruby31 < 3.1.2,1
3.2.0.p1,1 <= ruby32 < 3.2.0.p1_1,1

Details

VuXML ID 06ed6a49-bad4-11ec-9cfe-0800270512f4
Discovery 2022-04-12
Entry 2022-04-13

piao reports:

Due to a bug in an internal function that converts a String to a Float, some conversion methods like Kernel#Float and String#to_f could cause a buffer over-read. A typical consequence is a process termination due to segmentation fault, but in limited circumstances, it may be exploitable for illegal memory read.

References

CVE Name CVE-2022-28739
URL https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/