6. CVE-2022-28739: Buffer overrun in String-to-Float conversion

CVE-2022-28739: Buffer overrun in String-to-Float conversion


  • A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby.

    Details

    Due to a bug in an internal function that converts a String to a Float, some convertion methods like Kernel#Float and String#to_f could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in a limited circumstances, it may be exploitable for illegal memory read.

    Please update Ruby to 2.6.10, 2.7.6, 3.0.4, or 3.1.2.

    Affected versions

    • ruby 2.6.9 or prior
    • ruby 2.7.5 or prior
    • ruby 3.0.3 or prior
    • ruby 3.1.1 or prior

    Credits

    Thanks to piao for discovering this issue.

    History

    • Originally published at 2022-04-12 12:00:00 (UTC)

    Posted by mame on 12 Apr 2022



    https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/
Log in to reply
 

© Lightnetics 2024