CVE-2022-28739

Published: 9 May 2022

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Priority

Low

CVSS 3 base score: 7.5

Status

Package   Release    Status
ruby2.3   upstream   Needs triage
ruby2.3   xenial     Released (2.3.1-2~ubuntu16.04.16+esm3)
ruby2.5   bionic     Needs triage
ruby2.5   upstream   Needs triage
ruby2.7   focal      Needs triage
ruby2.7   impish     Needs triage
ruby2.7   jammy      Does not exist
ruby2.7   upstream   Needs triage
ruby3.0   jammy      Needs triage
ruby3.0   upstream   Released (3.0.4-1)