Details of VAR-202204-0855

ID

VAR-202204-0855

CVE

CVE-2022-28739

TITLE

Ruby Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011215

DESCRIPTION

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. Ruby Exists in an out-of-bounds read vulnerability.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby:3.0 security, bug fix, and enhancement update Advisory ID: RHSA-2022:6450-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6450 Issue date: 2022-09-13 CVE Names: CVE-2021-41817 CVE-2021-41819 CVE-2022-28738 CVE-2022-28739 ===================================================================== 1. Summary: An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109431) Security Fix(es): * ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) * ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819) * Ruby: Double free in Regexp compilation (CVE-2022-28738) * Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8] (BZ#2110981) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods 2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse 2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation 2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion 2109431 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-8] [rhel-8.6.0.z] 2110981 - ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8] [rhel-8.6.0.z] 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.src.rpm rubygem-abrt-0.4.0-1.module+el8.5.0+11580+845038eb.src.rpm rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.src.rpm rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.src.rpm aarch64: ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm noarch: ruby-default-gems-3.0.4-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm ruby-doc-3.0.4-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-abrt-0.4.0-1.module+el8.5.0+11580+845038eb.noarch.rpm rubygem-abrt-doc-0.4.0-1.module+el8.5.0+11580+845038eb.noarch.rpm rubygem-bundler-2.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-irb-1.3.5-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-minitest-5.14.2-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-mysql2-doc-0.5.3-1.module+el8.5.0+11580+845038eb.noarch.rpm rubygem-pg-doc-1.2.3-1.module+el8.5.0+11580+845038eb.noarch.rpm rubygem-power_assert-1.2.0-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-rake-13.0.3-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-rbs-1.4.0-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-rdoc-6.3.3-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-rexml-3.2.5-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-rss-0.2.9-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-test-unit-3.3.7-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygem-typeprof-0.15.2-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygems-3.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm rubygems-devel-3.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm ppc64le: ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm s390x: ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm x86_64: ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.i686.rpm rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.i686.rpm rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.i686.rpm rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.i686.rpm rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.i686.rpm rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.i686.rpm rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.i686.rpm rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.i686.rpm rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-41817 https://access.redhat.com/security/cve/CVE-2021-41819 https://access.redhat.com/security/cve/CVE-2022-28738 https://access.redhat.com/security/cve/CVE-2022-28739 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYyCB39zjgjWX9erEAQhxWw/+KSmwOTYjC11C1DDOcN3gyX3jVPdq04pL SEeobwoattaVo7kvVHRMFncpWiqrGY4j2V7vEFUh0ejKF8PxSVBYwxB+NfNmD2V3 l8XEaFGq0/l8GHBFEc2IqAP4wmXhECxE3nI2eaOBm0FYlQIHnw9vmvck0uxelZQ5 MoNLPMmq5X3tD6E8bbJvg0JbkemcQF8Q6tfKlAHIsvsc4cthCNcTPa8gyN1uXH+0 pEG5MMxRC+06lTStqQVKbbyVSDmHoaQBjXhNo9NROlgkvqwLAhrWZzDMLs/4d7fS 3Cy/p80vWpVg56M3oPIY4OMfMgNwrLwfLqCJWFA0IcdYhffClzorMiCs85MteWQA zYZoaKFOf0m38TD1yTOtjcXoHrtbLfXsnQFu5R08SyBCj7ppI1IUE8rCHvNtDnCp CQke/GAHoNeFBppAsfseDkOndutSipImmygGhX05QI5gvRC3/Cz/nAvZX9TpNia5 SlVsO8w9XJIvtbcLjOkHBjFuGpZ71bHNBOqveRkfuE6q3W6TXKpqhTlkipdrb41L 6nuJKNm89/Hi++5RKmv6YJRDfLr86K9StCBtrvEqgV9XTt6ppwEI/0uzbVFhPtVi i1dh8XruZEtAMUqUToc3jj4gGZgn9deXfNgZxp1phVMjKq1CRpG965xCM3yE9iPV 4jmxeiFCqp0= =YJLI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 macOS Monterey 12.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213494. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) Audio Available for: macOS Monterey Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022 ppp Available for: macOS Monterey Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022 Ruby Available for: macOS Monterey Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739 Sandbox Available for: macOS Monterey Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher zlib Available for: macOS Monterey Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022 Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. macOS Monterey 12.6.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. ========================================================================== Ubuntu Security Notice USN-5462-2 June 06, 2022 ruby2.3 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Ruby could be made to crash or read sensitive information when processing certain input. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. Original advisory details: It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libruby2.3 2.3.1-2~ubuntu16.04.16+esm3 ruby2.3 2.3.1-2~ubuntu16.04.16+esm3 In general, a standard system update will make all the necessary changes

Trust: 2.25

sources: NVD: CVE-2022-28739 // JVNDB: JVNDB-2022-011215 // VULHUB: VHN-420273 // VULMON: CVE-2022-28739 // PACKETSTORM: 168357 // PACKETSTORM: 169566 // PACKETSTORM: 169553 // PACKETSTORM: 169552 // PACKETSTORM: 167425

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	12.6.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	lt	version:	3.0.4	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	gte	version:	3.1.0	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	lt	version:	2.6.10	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	lt	version:	3.1.2	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	lt	version:	2.7.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.7.1	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	gte	version:	3.0.0	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011215 // NVD: CVE-2022-28739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-28739
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-28739
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-3369
value:	HIGH
Trust: 0.6
VULHUB:	VHN-420273
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-28739
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-28739
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-420273
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-28739
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-28739
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-420273 // VULMON: CVE-2022-28739 // CNNVD: CNNVD-202204-3369 // JVNDB: JVNDB-2022-011215 // NVD: CVE-2022-28739

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-420273 // JVNDB: JVNDB-2022-011215 // NVD: CVE-2022-28739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

PATCH

title:	HT213493 Apple Security update	url:	https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html	Trust: 0.8
title:	Ruby Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=193537	Trust: 0.6
title:	Debian CVElist Bug Report Logs: ruby3.0: CVE-2022-28739	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=4f290816c3711b33b2aedd7bdd7e13d8	Trust: 0.1
title:	Ubuntu Security Notice: USN-5462-1: Ruby vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5462-1	Trust: 0.1
title:	Ubuntu Security Notice: USN-5462-2: Ruby vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5462-2	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1638	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1638	Trust: 0.1
title:	Red Hat: Moderate: ruby:2.6 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225338 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: ruby security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226585 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: ruby:2.7 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226447 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: ruby:3.0 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226450 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: rh-ruby27-ruby security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226856 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: ruby:2.5 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20237025 - Security Advisory	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-28739	Trust: 0.1
title:	Amazon Linux 2: ALASRUBY2.6-2023-001	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASRUBY2.6-2023-001	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1853	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1853	Trust: 0.1
title:	Red Hat: Moderate: rh-ruby30-ruby security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226855 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2: ALASRUBY3.0-2023-002	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASRUBY3.0-2023-002	Trust: 0.1
title:	Ruby Advisory Database	url:	https://github.com/rubysec/ruby-advisory-db	Trust: 0.1
title:	Ruby Advisory Database	url:	https://github.com/jasnow/585-652-ruby-advisory-db	Trust: 0.1
title:	veracode-container-security-finding-parser	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1

sources: VULMON: CVE-2022-28739 // CNNVD: CNNVD-202204-3369 // JVNDB: JVNDB-2022-011215

EXTERNAL IDS

db:	NVD	id:	CVE-2022-28739	Trust: 3.9
db:	HACKERONE	id:	1248108	Trust: 1.8
db:	ICS CERT	id:	ICSA-24-046-11	Trust: 0.9
db:	PACKETSTORM	id:	167425	Trust: 0.8
db:	JVN	id:	JVNVU91198149	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-011215	Trust: 0.8
db:	PACKETSTORM	id:	168360	Trust: 0.7
db:	PACKETSTORM	id:	168691	Trust: 0.7
db:	PACKETSTORM	id:	167654	Trust: 0.7
db:	PACKETSTORM	id:	169577	Trust: 0.7
db:	CS-HELP	id:	SB2022041404	Trust: 0.6
db:	CS-HELP	id:	SB2022060723	Trust: 0.6
db:	CS-HELP	id:	SB2022072010	Trust: 0.6
db:	CS-HELP	id:	SB2022070105	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4673	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5061	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3320	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2802	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5301	Trust: 0.6
db:	PACKETSTORM	id:	168445	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3369	Trust: 0.6
db:	PACKETSTORM	id:	168357	Trust: 0.2
db:	PACKETSTORM	id:	169553	Trust: 0.2
db:	PACKETSTORM	id:	169552	Trust: 0.2
db:	PACKETSTORM	id:	169566	Trust: 0.2
db:	PACKETSTORM	id:	168692	Trust: 0.1
db:	PACKETSTORM	id:	167421	Trust: 0.1
db:	VULHUB	id:	VHN-420273	Trust: 0.1
db:	VULMON	id:	CVE-2022-28739	Trust: 0.1

sources: VULHUB: VHN-420273 // VULMON: CVE-2022-28739 // PACKETSTORM: 168357 // PACKETSTORM: 169566 // PACKETSTORM: 169553 // PACKETSTORM: 169552 // PACKETSTORM: 167425 // CNNVD: CNNVD-202204-3369 // JVNDB: JVNDB-2022-011215 // NVD: CVE-2022-28739

REFERENCES

url:	http://seclists.org/fulldisclosure/2022/oct/28	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/oct/29	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/oct/30	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/oct/41	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/oct/42	Trust: 1.8
url:	https://hackerone.com/reports/1248108	Trust: 1.8
url:	https://security-tracker.debian.org/tracker/cve-2022-28739	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20220624-0002/	Trust: 1.8
url:	https://support.apple.com/kb/ht213488	Trust: 1.8
url:	https://support.apple.com/kb/ht213493	Trust: 1.8
url:	https://support.apple.com/kb/ht213494	Trust: 1.8
url:	https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28739	Trust: 1.3
url:	https://security.gentoo.org/glsa/202401-27	Trust: 1.1
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu91198149/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.2802	Trust: 0.6
url:	https://packetstormsecurity.com/files/168360/red-hat-security-advisory-2022-6447-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb20220720108	Trust: 0.6
url:	https://packetstormsecurity.com/files/167425/ubuntu-security-notice-usn-5462-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060723	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041404	Trust: 0.6
url:	https://packetstormsecurity.com/files/168445/red-hat-security-advisory-2022-6585-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3320	Trust: 0.6
url:	https://packetstormsecurity.com/files/168691/red-hat-security-advisory-2022-6856-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5061	Trust: 0.6
url:	https://support.apple.com/en-us/ht213494	Trust: 0.6
url:	https://packetstormsecurity.com/files/169577/apple-security-advisory-2022-10-27-8.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167654/red-hat-security-advisory-2022-5338-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4673	Trust: 0.6
url:	https://vigilance.fr/vulnerability/ruby-buffer-overflow-via-string-to-float-conversion-38079	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5301	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070105	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-28739/	Trust: 0.6
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.3
url:	https://support.apple.com/downloads/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32862	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42825	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://ubuntu.com/security/notices/usn-5462-1	Trust: 0.2
url:	https://ubuntu.com/security/notices/usn-5462-2	Trust: 0.2
url:	https://support.apple.com/ht213494.	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009956	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-28739	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41817	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41819	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-28738	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6450	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28738	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41819	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-37434	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42801	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32944	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42803	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42800	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32941	Trust: 0.1
url:	https://support.apple.com/ht213493.	Trust: 0.1

CREDITS

Apple

Trust: 0.3

sources: PACKETSTORM: 169566 // PACKETSTORM: 169553 // PACKETSTORM: 169552

SOURCES

db:	VULHUB	id:	VHN-420273
db:	VULMON	id:	CVE-2022-28739
db:	PACKETSTORM	id:	168357
db:	PACKETSTORM	id:	169566
db:	PACKETSTORM	id:	169553
db:	PACKETSTORM	id:	169552
db:	PACKETSTORM	id:	167425
db:	CNNVD	id:	CNNVD-202204-3369
db:	JVNDB	id:	JVNDB-2022-011215
db:	NVD	id:	CVE-2022-28739

LAST UPDATE DATE

2025-10-10T22:58:10.623000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420273	date:	2022-11-08T00:00:00
db:	VULMON	id:	CVE-2022-28739	date:	2024-01-24T00:00:00
db:	CNNVD	id:	CNNVD-202204-3369	date:	2023-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-011215	date:	2024-02-19T06:51:00
db:	NVD	id:	CVE-2022-28739	date:	2024-11-21T06:57:50.467

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420273	date:	2022-05-09T00:00:00
db:	VULMON	id:	CVE-2022-28739	date:	2022-05-09T00:00:00
db:	PACKETSTORM	id:	168357	date:	2022-09-13T15:43:25
db:	PACKETSTORM	id:	169566	date:	2022-10-31T14:25:29
db:	PACKETSTORM	id:	169553	date:	2022-10-31T14:19:37
db:	PACKETSTORM	id:	169552	date:	2022-10-31T14:19:21
db:	PACKETSTORM	id:	167425	date:	2022-06-07T15:15:31
db:	CNNVD	id:	CNNVD-202204-3369	date:	2022-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-011215	date:	2023-08-21T00:00:00
db:	NVD	id:	CVE-2022-28739	date:	2022-05-09T18:15:08.540