CVE-2022-28738
CRITICAL severity · CVSS 9.8 · Double free
Summary
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 3%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://security-tracker.debian.org/tracker/CVE-2022-28738
Additional information
- NVD record
- https://security-tracker.debian.org/tracker/CVE-2022-28738 (Patch)
- https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/ (Advisory)
- https://hackerone.com/reports/1220911 (Advisory)
- https://security.gentoo.org/glsa/202401-27
- https://security.netapp.com/advisory/ntap-20220624-0002/ (Advisory)