FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ruby -- Double free in Regexp compilation

Affected packages
3.0.0,1 <= ruby < 3.0.4,1
3.1.0,1 <= ruby < 3.1.2,1
3.2.0.p1,1 <= ruby < 3.2.0.p1_1,1
3.0.0,1 <= ruby30 < 3.0.4,1
3.1.0,1 <= ruby31 < 3.1.2,1
3.2.0.p1,1 <= ruby32 < 3.2.0.p1_1,1

Details

VuXML ID f22144d7-bad1-11ec-9cfe-0800270512f4
Discovery 2022-04-12
Entry 2022-04-13

piao reports:

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.

[source]

References

CVE Name CVE-2022-28738
URL https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.