CVE-2022-28739 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 54%

Affected Products (NVD)

Vendor	Product	Version
ruby-lang	ruby	𝑥 < 2.6.10
ruby-lang	ruby	2.7.0 ≤ 𝑥 < 2.7.6
ruby-lang	ruby	3.0.0 ≤ 𝑥 < 3.0.4
ruby-lang	ruby	3.1.0 ≤ 𝑥 < 3.1.2
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
apple	macos	11.0 ≤ 𝑥 < 11.7.1
apple	macos	12.0 ≤ 𝑥 < 12.6.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ruby2.7

bullseye	vulnerable
bullseye (security)	2.7.4-1+deb11u2 fixed
stretch	postponed

Ubuntu Releases

Ubuntu Product

Codename

ruby2.3

xenial

Fixed 2.3.1-2~ubuntu16.04.16+esm3

released

ruby2.5

bionic

Fixed 2.5.1-1ubuntu1.12

released

ruby2.7

focal	Fixed 2.7.0-5ubuntu1.7 released
impish	Fixed 2.7.4-1ubuntu3.2 released
jammy	dne

ruby3.0

jammy	Fixed 3.0.2-7ubuntu2.1 released
kinetic	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

libruby2_5-2_5

suse enterprise desktop 15 SP3	2.5.9-150000.4.23.1 fixed
suse enterprise desktop 15 SP4	2.5.9-150000.4.23.1 fixed
suse enterprise desktop 15 SP5	2.5.9-150000.4.23.1 fixed
suse enterprise desktop 15 SP6	2.5.9-150000.4.23.1 fixed
suse enterprise desktop 15 SP7	2.5.9-150700.22.16 fixed
suse enterprise sap 15	2.5.9-150000.4.23.1 fixed
suse enterprise sap 15 SP1	2.5.9-150000.4.23.1 fixed
suse enterprise sap 15 SP2	2.5.9-150000.4.23.1 fixed
suse enterprise sap 15 SP3	2.5.9-150000.4.23.1 fixed
suse enterprise sap 15 SP4	2.5.9-150000.4.23.1 fixed
suse enterprise sap 15 SP5	2.5.9-150000.4.23.1 fixed
suse enterprise sap 15 SP6	2.5.9-150000.4.23.1 fixed
suse enterprise sap 15 SP7	2.5.9-150700.22.16 fixed
suse enterprise server 15	2.5.9-150000.4.23.1 fixed
suse enterprise server 15 SP1	2.5.9-150000.4.23.1 fixed
suse enterprise server 15 SP2	2.5.9-150000.4.23.1 fixed
suse enterprise server 15 SP3	2.5.9-150000.4.23.1 fixed
suse enterprise server 15 SP4	2.5.9-150000.4.23.1 fixed
suse enterprise server 15 SP5	2.5.9-150000.4.23.1 fixed
suse enterprise server 15 SP6	2.5.9-150000.4.23.1 fixed
suse enterprise server 15 SP7	2.5.9-150700.22.16 fixed

libruby3_4-3_4

suse enterprise desktop 15 SP7	3.4.1-150700.1.11 fixed
suse enterprise sap 15 SP7	3.4.1-150700.1.11 fixed
suse enterprise server 15 SP7	3.4.1-150700.1.11 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

ruby

RHEL 9

0:3.0.4-160.el9_0

fixed

ruby-default-gems

RHEL 9

0:3.0.4-160.el9_0

fixed

ruby-devel

RHEL 9

0:3.0.4-160.el9_0

fixed

ruby-doc

RHEL 9

0:3.0.4-160.el9_0

fixed

ruby-libs

RHEL 9

0:3.0.4-160.el9_0

fixed

rubygem-bigdecimal

RHEL 9

0:3.0.0-160.el9_0

fixed

rubygem-bundler

RHEL 9

0:2.2.33-160.el9_0

fixed

rubygem-io-console

RHEL 9

0:0.5.7-160.el9_0

fixed

rubygem-irb

RHEL 9

0:1.3.5-160.el9_0

fixed

rubygem-json

RHEL 9

0:2.5.1-160.el9_0

fixed

rubygem-minitest

RHEL 9

0:5.14.2-160.el9_0

fixed

rubygem-power

RHEL 9

0:1.2.0-160.el9_0

fixed

rubygem-psych

RHEL 9

0:3.3.2-160.el9_0

fixed

rubygem-rake

RHEL 9

0:13.0.3-160.el9_0

fixed

rubygem-rbs

RHEL 9

0:1.4.0-160.el9_0

fixed

rubygem-rdoc

RHEL 9

0:6.3.3-160.el9_0

fixed

rubygem-rexml

RHEL 9

0:3.2.5-160.el9_0

fixed

rubygem-rss

RHEL 9

0:0.2.9-160.el9_0

fixed

rubygem-test-unit

RHEL 9

0:3.3.7-160.el9_0

fixed

rubygem-typeprof

RHEL 9

0:0.15.2-160.el9_0

fixed

rubygems

RHEL 9

0:3.2.33-160.el9_0

fixed

rubygems-devel

RHEL 9

0:3.2.33-160.el9_0

fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://seclists.org/fulldisclosure/2022/Oct/28

http://seclists.org/fulldisclosure/2022/Oct/29

http://seclists.org/fulldisclosure/2022/Oct/30

http://seclists.org/fulldisclosure/2022/Oct/41

http://seclists.org/fulldisclosure/2022/Oct/42

https://hackerone.com/reports/1248108

https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html

https://security-tracker.debian.org/tracker/CVE-2022-28739

https://security.gentoo.org/glsa/202401-27

https://security.netapp.com/advisory/ntap-20220624-0002/

https://support.apple.com/kb/HT213488

https://support.apple.com/kb/HT213493

https://support.apple.com/kb/HT213494

https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/

http://seclists.org/fulldisclosure/2022/Oct/28

http://seclists.org/fulldisclosure/2022/Oct/29

http://seclists.org/fulldisclosure/2022/Oct/30

http://seclists.org/fulldisclosure/2022/Oct/41

http://seclists.org/fulldisclosure/2022/Oct/42

https://hackerone.com/reports/1248108

https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html

https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html

https://security-tracker.debian.org/tracker/CVE-2022-28739

https://security.gentoo.org/glsa/202401-27

https://security.netapp.com/advisory/ntap-20220624-0002/

https://support.apple.com/kb/HT213488

https://support.apple.com/kb/HT213493

https://support.apple.com/kb/HT213494

https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/