FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ruby -- Double free in Regexp compilation

Affected packages
3.0.0,1 <= ruby < 3.0.4,1
3.1.0,1 <= ruby < 3.1.2,1
3.2.0.p1,1 <= ruby < 3.2.0.p1_1,1
3.0.0,1 <= ruby30 < 3.0.4,1
3.1.0,1 <= ruby31 < 3.1.2,1
3.2.0.p1,1 <= ruby32 < 3.2.0.p1_1,1


VuXML ID: f22144d7-bad1-11ec-9cfe-0800270512f4
Discovery: 2022-04-12
Entry: 2022-04-13

piao reports:

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.


CVE Name: CVE-2022-28738