vulnerability

Rocky Linux: CVE-2022-28738: ruby (Multiple Advisories)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
May 9, 2022
Added
Mar 12, 2024
Modified
Aug 13, 2025

Description

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

Solutions

rocky-upgrade-rubyrocky-upgrade-ruby-debuginforocky-upgrade-ruby-debugsourcerocky-upgrade-ruby-develrocky-upgrade-ruby-libsrocky-upgrade-ruby-libs-debuginforocky-upgrade-rubygem-bigdecimalrocky-upgrade-rubygem-bigdecimal-debuginforocky-upgrade-rubygem-io-consolerocky-upgrade-rubygem-io-console-debuginforocky-upgrade-rubygem-jsonrocky-upgrade-rubygem-json-debuginforocky-upgrade-rubygem-mysql2rocky-upgrade-rubygem-mysql2-debuginforocky-upgrade-rubygem-mysql2-debugsourcerocky-upgrade-rubygem-pgrocky-upgrade-rubygem-pg-debuginforocky-upgrade-rubygem-pg-debugsourcerocky-upgrade-rubygem-psychrocky-upgrade-rubygem-psych-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today