CVE-2022-28739

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Published: May 9, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-28739
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
ruby-lang / ruby	3.1.0	3.1.2
ruby-lang / ruby	3.0.0	3.0.4
ruby-lang / ruby	2.7.0	2.7.6
ruby-lang / ruby	-	2.6.10
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
apple / macos	12.0	12.6.1
apple / macos	11.0	11.7.1

http://seclists.org/fulldisclosure/2022/Oct/28
http://seclists.org/fulldisclosure/2022/Oct/29
http://seclists.org/fulldisclosure/2022/Oct/30
http://seclists.org/fulldisclosure/2022/Oct/41
http://seclists.org/fulldisclosure/2022/Oct/42
https://hackerone.com/reports/1248108
https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html
https://security-tracker.debian.org/tracker/CVE-2022-28739
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20220624-0002/
https://support.apple.com/kb/HT213488
https://support.apple.com/kb/HT213493
https://support.apple.com/kb/HT213494
https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/

Vulnerability Database

289,599

CVE-2022-28739