CVE-2022-28739
09.05.2022, 18:15
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ruby-lang | ruby | 𝑥 < 2.6.10 |
| ruby-lang | ruby | 2.7.0 ≤ 𝑥 < 2.7.6 |
| ruby-lang | ruby | 3.0.0 ≤ 𝑥 < 3.0.4 |
| ruby-lang | ruby | 3.1.0 ≤ 𝑥 < 3.1.2 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| apple | macos | 11.0 ≤ 𝑥 < 11.7.1 |
| apple | macos | 12.0 ≤ 𝑥 < 12.6.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References