FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-time -- ReDoS vulnerability

Affected packages
2.7.0,1 <= ruby < 2.7.8,1
3.0.0,1 <= ruby < 3.0.6,1
3.1.0,1 <= ruby < 3.1.4,1
3.2.0.p1,1 <= ruby < 3.2.2,1
2.7.0,1 <= ruby27 < 2.7.8,1
3.0.0,1 <= ruby30 < 3.0.6,1
3.1.0,1 <= ruby31 < 3.1.4,1
3.2.0.p1,1 <= ruby32 < 3.2.2,1
rubygem-time < 0.2.2

Details

VuXML ID 6bd2773c-cf1a-11ed-bd44-080027f5fec9
Discovery 2023-03-30
Entry 2023-03-30

ooooooo_q reports:

The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects.

[source]

References

CVE Name CVE-2023-28756
URL https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.