ID

VAR-202204-0855


CVE

CVE-2022-28739


TITLE

Ruby Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

DESCRIPTION

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. 7) - noarch, x86_64 3. Bug Fix(es): * ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8] (BZ#2110981) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby security, bug fix, and enhancement update Advisory ID: RHSA-2022:6585-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6585 Issue date: 2022-09-20 CVE Names: CVE-2022-28738 CVE-2022-28739 ==================================================================== 1. Summary: An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 9) - noarch Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109428) Security Fix(es): * Ruby: Double free in Regexp compilation (CVE-2022-28738) * Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation 2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion 2109428 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-9] [rhel-9.0.0.z] 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: ruby-3.0.4-160.el9_0.src.rpm aarch64: ruby-3.0.4-160.el9_0.aarch64.rpm ruby-debuginfo-3.0.4-160.el9_0.aarch64.rpm ruby-debugsource-3.0.4-160.el9_0.aarch64.rpm ruby-devel-3.0.4-160.el9_0.aarch64.rpm ruby-libs-3.0.4-160.el9_0.aarch64.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.aarch64.rpm rubygem-bigdecimal-3.0.0-160.el9_0.aarch64.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.aarch64.rpm rubygem-io-console-0.5.7-160.el9_0.aarch64.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.aarch64.rpm rubygem-json-2.5.1-160.el9_0.aarch64.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.aarch64.rpm rubygem-psych-3.3.2-160.el9_0.aarch64.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.aarch64.rpm noarch: ruby-default-gems-3.0.4-160.el9_0.noarch.rpm rubygem-bundler-2.2.33-160.el9_0.noarch.rpm rubygem-irb-1.3.5-160.el9_0.noarch.rpm rubygem-minitest-5.14.2-160.el9_0.noarch.rpm rubygem-power_assert-1.2.0-160.el9_0.noarch.rpm rubygem-rake-13.0.3-160.el9_0.noarch.rpm rubygem-rbs-1.4.0-160.el9_0.noarch.rpm rubygem-rdoc-6.3.3-160.el9_0.noarch.rpm rubygem-rexml-3.2.5-160.el9_0.noarch.rpm rubygem-rss-0.2.9-160.el9_0.noarch.rpm rubygem-test-unit-3.3.7-160.el9_0.noarch.rpm rubygem-typeprof-0.15.2-160.el9_0.noarch.rpm rubygems-3.2.33-160.el9_0.noarch.rpm rubygems-devel-3.2.33-160.el9_0.noarch.rpm ppc64le: ruby-3.0.4-160.el9_0.ppc64le.rpm ruby-debuginfo-3.0.4-160.el9_0.ppc64le.rpm ruby-debugsource-3.0.4-160.el9_0.ppc64le.rpm ruby-devel-3.0.4-160.el9_0.ppc64le.rpm ruby-libs-3.0.4-160.el9_0.ppc64le.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.ppc64le.rpm rubygem-bigdecimal-3.0.0-160.el9_0.ppc64le.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.ppc64le.rpm rubygem-io-console-0.5.7-160.el9_0.ppc64le.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.ppc64le.rpm rubygem-json-2.5.1-160.el9_0.ppc64le.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.ppc64le.rpm rubygem-psych-3.3.2-160.el9_0.ppc64le.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.ppc64le.rpm s390x: ruby-3.0.4-160.el9_0.s390x.rpm ruby-debuginfo-3.0.4-160.el9_0.s390x.rpm ruby-debugsource-3.0.4-160.el9_0.s390x.rpm ruby-devel-3.0.4-160.el9_0.s390x.rpm ruby-libs-3.0.4-160.el9_0.s390x.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.s390x.rpm rubygem-bigdecimal-3.0.0-160.el9_0.s390x.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.s390x.rpm rubygem-io-console-0.5.7-160.el9_0.s390x.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.s390x.rpm rubygem-json-2.5.1-160.el9_0.s390x.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.s390x.rpm rubygem-psych-3.3.2-160.el9_0.s390x.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.s390x.rpm x86_64: ruby-3.0.4-160.el9_0.i686.rpm ruby-3.0.4-160.el9_0.x86_64.rpm ruby-debuginfo-3.0.4-160.el9_0.i686.rpm ruby-debuginfo-3.0.4-160.el9_0.x86_64.rpm ruby-debugsource-3.0.4-160.el9_0.i686.rpm ruby-debugsource-3.0.4-160.el9_0.x86_64.rpm ruby-devel-3.0.4-160.el9_0.i686.rpm ruby-devel-3.0.4-160.el9_0.x86_64.rpm ruby-libs-3.0.4-160.el9_0.i686.rpm ruby-libs-3.0.4-160.el9_0.x86_64.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.i686.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.x86_64.rpm rubygem-bigdecimal-3.0.0-160.el9_0.x86_64.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.i686.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.x86_64.rpm rubygem-io-console-0.5.7-160.el9_0.x86_64.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.i686.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.x86_64.rpm rubygem-json-2.5.1-160.el9_0.x86_64.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.i686.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.x86_64.rpm rubygem-psych-3.3.2-160.el9_0.x86_64.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.i686.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.x86_64.rpm Red Hat CodeReady Linux Builder (v. 9): noarch: ruby-doc-3.0.4-160.el9_0.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-28738 https://access.redhat.com/security/cve/CVE-2022-28739 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYypfvtzjgjWX9erEAQjaXQ/+LfzraWPwLDEBfxU87XekVmDQn/KHLw0Q TPgRpDtvfVkmSDDCEvYvvMOYSW3MdNmNJOwPhQyJT3cBrq0zHUog0ejoJO5jV3B1 rOStJ/EfwskmCVaPehhJvGfrKVr2l6Uo8SH0zrLMKBtqd42/GrO2eiDs/xxhVq5U wvgecfUQY8lfpJ25ELa/081aAe4Cg4NN7WShf7DFJ2tw+f/IguCWi+CHZoavv3AQ T7So/dbIjFJmliaPcTkvW02m+JHxNGduXJfelMXB72eyJR7/jEK7OvfE89a18yZ8 P38biUIPZFNaLW1SN62GnA8Qby6g9C/1x+pXssEQ6fo1qJPk/bW6qYfPWWM4Op5N VsTFDx7EAZRCQFnyczTcaUE7g9s4ZovK4qMqTZq9BhP25m9yisvV1jizNpSU6vMi h37/Mi0gcOOcjbtj8Nlbtx+QsHFJvOgTjDIiwPVllMpxygWjSRRnR+LBoTHCPlP2 ZG5q8MGwZAIfzKSP9Fjg58rJoiWnzyJWFLEym38lfrrjch21CtgaKm28wrKQ18PC 7GQ/A/rARWMfAKnFYEO4zF07kidgTwyVJI5RJv8b9x4vLo7/G80CVDXIYjEDP4FR 7fNpEfc9/owximR5WpTds3GfzTDSKzNonHX/oNhIaJLkQ27RTSPXORzxtAsz2a6j jbIYxx9rQto=komJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-5462-1 June 06, 2022 ruby2.5, ruby2.7, ruby3.0 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Ruby. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-28739) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libruby3.0 3.0.2-7ubuntu2.1 ruby3.0 3.0.2-7ubuntu2.1 Ubuntu 21.10: libruby2.7 2.7.4-1ubuntu3.2 ruby2.7 2.7.4-1ubuntu3.2 Ubuntu 20.04 LTS: libruby2.7 2.7.0-5ubuntu1.7 ruby2.7 2.7.0-5ubuntu1.7 Ubuntu 18.04 LTS: libruby2.5 2.5.1-1ubuntu1.12 ruby2.5 2.5.1-1ubuntu1.12 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 macOS Monterey 12.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213494. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) Audio Available for: macOS Monterey Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022 ppp Available for: macOS Monterey Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022 Ruby Available for: macOS Monterey Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739 Sandbox Available for: macOS Monterey Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher zlib Available for: macOS Monterey Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022 Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. macOS Monterey 12.6.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222

Trust: 1.62

sources: NVD: CVE-2022-28739 // VULHUB: VHN-420273 // PACKETSTORM: 168691 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167421 // PACKETSTORM: 169566 // PACKETSTORM: 169553 // PACKETSTORM: 167654

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.6.1

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:ruby langmodel:rubyscope:gteversion:2.7.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:ruby langmodel:rubyscope:ltversion:3.0.4

Trust: 1.0

vendor:ruby langmodel:rubyscope:gteversion:3.1.0

Trust: 1.0

vendor:ruby langmodel:rubyscope:ltversion:2.6.10

Trust: 1.0

vendor:ruby langmodel:rubyscope:ltversion:3.1.2

Trust: 1.0

vendor:ruby langmodel:rubyscope:ltversion:2.7.6

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7.1

Trust: 1.0

vendor:ruby langmodel:rubyscope:gteversion:3.0.0

Trust: 1.0

sources: NVD: CVE-2022-28739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28739
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202204-3369
value: HIGH

Trust: 0.6

VULHUB: VHN-420273
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-28739
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-420273
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-28739
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-420273 // CNNVD: CNNVD-202204-3369 // NVD: CVE-2022-28739

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-420273 // NVD: CVE-2022-28739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

PATCH

title:Ruby Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=193537

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

EXTERNAL IDS

db:NVDid:CVE-2022-28739

Trust: 2.4

db:HACKERONEid:1248108

Trust: 1.7

db:PACKETSTORMid:168691

Trust: 0.8

db:PACKETSTORMid:167654

Trust: 0.8

db:PACKETSTORMid:168360

Trust: 0.7

db:PACKETSTORMid:167425

Trust: 0.7

db:PACKETSTORMid:169577

Trust: 0.7

db:PACKETSTORMid:168445

Trust: 0.7

db:CS-HELPid:SB2022041404

Trust: 0.6

db:CS-HELPid:SB2022060723

Trust: 0.6

db:CS-HELPid:SB2022072010

Trust: 0.6

db:CS-HELPid:SB2022070105

Trust: 0.6

db:AUSCERTid:ESB-2022.4673

Trust: 0.6

db:AUSCERTid:ESB-2022.5061

Trust: 0.6

db:AUSCERTid:ESB-2023.3320

Trust: 0.6

db:AUSCERTid:ESB-2022.2802

Trust: 0.6

db:AUSCERTid:ESB-2022.5301

Trust: 0.6

db:CNNVDid:CNNVD-202204-3369

Trust: 0.6

db:PACKETSTORMid:168357

Trust: 0.2

db:PACKETSTORMid:169553

Trust: 0.2

db:PACKETSTORMid:167421

Trust: 0.2

db:PACKETSTORMid:169566

Trust: 0.2

db:PACKETSTORMid:168692

Trust: 0.1

db:PACKETSTORMid:169552

Trust: 0.1

db:VULHUBid:VHN-420273

Trust: 0.1

sources: VULHUB: VHN-420273 // PACKETSTORM: 168691 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167421 // PACKETSTORM: 169566 // PACKETSTORM: 169553 // PACKETSTORM: 167654 // CNNVD: CNNVD-202204-3369 // NVD: CVE-2022-28739

REFERENCES

url:http://seclists.org/fulldisclosure/2022/oct/28

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/29

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/30

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/41

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/42

Trust: 1.7

url:https://hackerone.com/reports/1248108

Trust: 1.7

url:https://security-tracker.debian.org/tracker/cve-2022-28739

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20220624-0002/

Trust: 1.7

url:https://support.apple.com/kb/ht213488

Trust: 1.7

url:https://support.apple.com/kb/ht213493

Trust: 1.7

url:https://support.apple.com/kb/ht213494

Trust: 1.7

url:https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html

Trust: 1.6

url:https://security.gentoo.org/glsa/202401-27

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-28739

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2022.2802

Trust: 0.6

url:https://packetstormsecurity.com/files/168360/red-hat-security-advisory-2022-6447-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb20220720108

Trust: 0.6

url:https://packetstormsecurity.com/files/167425/ubuntu-security-notice-usn-5462-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060723

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041404

Trust: 0.6

url:https://packetstormsecurity.com/files/168445/red-hat-security-advisory-2022-6585-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3320

Trust: 0.6

url:https://packetstormsecurity.com/files/168691/red-hat-security-advisory-2022-6856-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5061

Trust: 0.6

url:https://support.apple.com/en-us/ht213494

Trust: 0.6

url:https://packetstormsecurity.com/files/169577/apple-security-advisory-2022-10-27-8.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167654/red-hat-security-advisory-2022-5338-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4673

Trust: 0.6

url:https://vigilance.fr/vulnerability/ruby-buffer-overflow-via-string-to-float-conversion-38079

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5301

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070105

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-28739/

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-28739

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-28738

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-41819

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41817

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41819

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41817

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28738

Trust: 0.2

url:https://support.apple.com/en-us/ht201222.

Trust: 0.2

url:https://support.apple.com/downloads/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32862

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42825

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41816

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6856

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41816

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6585

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby2.7/2.7.4-1ubuntu3.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.12

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5462-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.7

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42798

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-37434

Trust: 0.1

url:https://support.apple.com/ht213494.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32944

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42803

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42800

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32941

Trust: 0.1

url:https://support.apple.com/ht213493.

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5338

Trust: 0.1

sources: VULHUB: VHN-420273 // PACKETSTORM: 168691 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167421 // PACKETSTORM: 169566 // PACKETSTORM: 169553 // PACKETSTORM: 167654 // CNNVD: CNNVD-202204-3369 // NVD: CVE-2022-28739

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 168691 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167654

SOURCES

db:VULHUBid:VHN-420273
db:PACKETSTORMid:168691
db:PACKETSTORMid:168357
db:PACKETSTORMid:168445
db:PACKETSTORMid:167421
db:PACKETSTORMid:169566
db:PACKETSTORMid:169553
db:PACKETSTORMid:167654
db:CNNVDid:CNNVD-202204-3369
db:NVDid:CVE-2022-28739

LAST UPDATE DATE

2024-11-23T20:01:08.146000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-420273date:2022-11-08T00:00:00
db:CNNVDid:CNNVD-202204-3369date:2023-06-13T00:00:00
db:NVDid:CVE-2022-28739date:2024-11-21T06:57:50.467

SOURCES RELEASE DATE

db:VULHUBid:VHN-420273date:2022-05-09T00:00:00
db:PACKETSTORMid:168691date:2022-10-11T16:06:47
db:PACKETSTORMid:168357date:2022-09-13T15:43:25
db:PACKETSTORMid:168445date:2022-09-21T13:50:28
db:PACKETSTORMid:167421date:2022-06-07T15:13:54
db:PACKETSTORMid:169566date:2022-10-31T14:25:29
db:PACKETSTORMid:169553date:2022-10-31T14:19:37
db:PACKETSTORMid:167654date:2022-07-01T14:58:20
db:CNNVDid:CNNVD-202204-3369date:2022-04-14T00:00:00
db:NVDid:CVE-2022-28739date:2022-05-09T18:15:08.540