Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-28739

Published: 9 May 2022

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
ruby2.3
Launchpad, Ubuntu, Debian
upstream Needs triage

xenial
Released (2.3.1-2~ubuntu16.04.16+esm3)
ruby2.5
Launchpad, Ubuntu, Debian
bionic
Released (2.5.1-1ubuntu1.12)
upstream Needs triage

ruby2.7
Launchpad, Ubuntu, Debian
focal
Released (2.7.0-5ubuntu1.7)
impish
Released (2.7.4-1ubuntu3.2)
jammy Does not exist

upstream Needs triage

ruby3.0
Launchpad, Ubuntu, Debian
jammy
Released (3.0.2-7ubuntu2.1)
kinetic Not vulnerable

upstream
Released (3.0.4-1)