CVE-2022-28738 - OpenCVE

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ruby-lang	Ruby

Configuration 1 [-]

OR	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::

References

Link	Resource
https://hackerone.com/reports/1220911	Permissions Required Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2022-28738	Patch Third Party Advisory
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20220624-0002/	Third Party Advisory
https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-09T00:00:00

Updated: 2024-01-24T05:06:35.199929

Reserved: 2022-04-06T00:00:00

Link: CVE-2022-28738

JSON object: View

NVD Information

Status : Modified

Published: 2022-05-09T18:15:08.490

Modified: 2024-01-24T05:15:12.147

Link: CVE-2022-28738

JSON object: View

Redhat Information

No data.

CWE

CWE-415

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BD89956-E0A9-46F1-BA21-48C29B7CF634", "versionEndExcluding": "3.0.4", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "matchCriteriaId": "D78DCF3F-3444-4E43-B278-30E6A905D315", "versionEndExcluding": "3.1.2", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations."}, {"lang": "es", "value": "Se ha encontrado una doble liberaci\u00f3n en el compilador de Regexp en Ruby versiones 3.x anteriores a 3.0.4 y versiones 3.1.x anteriores a 3.1.2. Si una v\u00edctima intenta crear un Regexp a partir de una entrada de usuario no confiable, un atacante puede ser capaz de escribir en ubicaciones de memoria no esperadas"}], "id": "CVE-2022-28738", "lastModified": "2024-01-24T05:15:12.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-09T18:15:08.490", "references": [{"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1220911"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2022-28738"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202401-27"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220624-0002/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}