Details of VAR-202204-0855

ID

VAR-202204-0855

CVE

CVE-2022-28739

TITLE

Ruby Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

DESCRIPTION

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. 7) - noarch, x86_64 3. Bug Fix(es): * ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8] (BZ#2110981) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby security, bug fix, and enhancement update Advisory ID: RHSA-2022:6585-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6585 Issue date: 2022-09-20 CVE Names: CVE-2022-28738 CVE-2022-28739 ==================================================================== 1. Summary: An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 9) - noarch Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109428) Security Fix(es): * Ruby: Double free in Regexp compilation (CVE-2022-28738) * Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation 2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion 2109428 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-9] [rhel-9.0.0.z] 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: ruby-3.0.4-160.el9_0.src.rpm aarch64: ruby-3.0.4-160.el9_0.aarch64.rpm ruby-debuginfo-3.0.4-160.el9_0.aarch64.rpm ruby-debugsource-3.0.4-160.el9_0.aarch64.rpm ruby-devel-3.0.4-160.el9_0.aarch64.rpm ruby-libs-3.0.4-160.el9_0.aarch64.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.aarch64.rpm rubygem-bigdecimal-3.0.0-160.el9_0.aarch64.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.aarch64.rpm rubygem-io-console-0.5.7-160.el9_0.aarch64.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.aarch64.rpm rubygem-json-2.5.1-160.el9_0.aarch64.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.aarch64.rpm rubygem-psych-3.3.2-160.el9_0.aarch64.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.aarch64.rpm noarch: ruby-default-gems-3.0.4-160.el9_0.noarch.rpm rubygem-bundler-2.2.33-160.el9_0.noarch.rpm rubygem-irb-1.3.5-160.el9_0.noarch.rpm rubygem-minitest-5.14.2-160.el9_0.noarch.rpm rubygem-power_assert-1.2.0-160.el9_0.noarch.rpm rubygem-rake-13.0.3-160.el9_0.noarch.rpm rubygem-rbs-1.4.0-160.el9_0.noarch.rpm rubygem-rdoc-6.3.3-160.el9_0.noarch.rpm rubygem-rexml-3.2.5-160.el9_0.noarch.rpm rubygem-rss-0.2.9-160.el9_0.noarch.rpm rubygem-test-unit-3.3.7-160.el9_0.noarch.rpm rubygem-typeprof-0.15.2-160.el9_0.noarch.rpm rubygems-3.2.33-160.el9_0.noarch.rpm rubygems-devel-3.2.33-160.el9_0.noarch.rpm ppc64le: ruby-3.0.4-160.el9_0.ppc64le.rpm ruby-debuginfo-3.0.4-160.el9_0.ppc64le.rpm ruby-debugsource-3.0.4-160.el9_0.ppc64le.rpm ruby-devel-3.0.4-160.el9_0.ppc64le.rpm ruby-libs-3.0.4-160.el9_0.ppc64le.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.ppc64le.rpm rubygem-bigdecimal-3.0.0-160.el9_0.ppc64le.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.ppc64le.rpm rubygem-io-console-0.5.7-160.el9_0.ppc64le.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.ppc64le.rpm rubygem-json-2.5.1-160.el9_0.ppc64le.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.ppc64le.rpm rubygem-psych-3.3.2-160.el9_0.ppc64le.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.ppc64le.rpm s390x: ruby-3.0.4-160.el9_0.s390x.rpm ruby-debuginfo-3.0.4-160.el9_0.s390x.rpm ruby-debugsource-3.0.4-160.el9_0.s390x.rpm ruby-devel-3.0.4-160.el9_0.s390x.rpm ruby-libs-3.0.4-160.el9_0.s390x.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.s390x.rpm rubygem-bigdecimal-3.0.0-160.el9_0.s390x.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.s390x.rpm rubygem-io-console-0.5.7-160.el9_0.s390x.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.s390x.rpm rubygem-json-2.5.1-160.el9_0.s390x.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.s390x.rpm rubygem-psych-3.3.2-160.el9_0.s390x.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.s390x.rpm x86_64: ruby-3.0.4-160.el9_0.i686.rpm ruby-3.0.4-160.el9_0.x86_64.rpm ruby-debuginfo-3.0.4-160.el9_0.i686.rpm ruby-debuginfo-3.0.4-160.el9_0.x86_64.rpm ruby-debugsource-3.0.4-160.el9_0.i686.rpm ruby-debugsource-3.0.4-160.el9_0.x86_64.rpm ruby-devel-3.0.4-160.el9_0.i686.rpm ruby-devel-3.0.4-160.el9_0.x86_64.rpm ruby-libs-3.0.4-160.el9_0.i686.rpm ruby-libs-3.0.4-160.el9_0.x86_64.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.i686.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.x86_64.rpm rubygem-bigdecimal-3.0.0-160.el9_0.x86_64.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.i686.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.x86_64.rpm rubygem-io-console-0.5.7-160.el9_0.x86_64.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.i686.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.x86_64.rpm rubygem-json-2.5.1-160.el9_0.x86_64.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.i686.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.x86_64.rpm rubygem-psych-3.3.2-160.el9_0.x86_64.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.i686.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.x86_64.rpm Red Hat CodeReady Linux Builder (v. 9): noarch: ruby-doc-3.0.4-160.el9_0.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-28738 https://access.redhat.com/security/cve/CVE-2022-28739 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYypfvtzjgjWX9erEAQjaXQ/+LfzraWPwLDEBfxU87XekVmDQn/KHLw0Q TPgRpDtvfVkmSDDCEvYvvMOYSW3MdNmNJOwPhQyJT3cBrq0zHUog0ejoJO5jV3B1 rOStJ/EfwskmCVaPehhJvGfrKVr2l6Uo8SH0zrLMKBtqd42/GrO2eiDs/xxhVq5U wvgecfUQY8lfpJ25ELa/081aAe4Cg4NN7WShf7DFJ2tw+f/IguCWi+CHZoavv3AQ T7So/dbIjFJmliaPcTkvW02m+JHxNGduXJfelMXB72eyJR7/jEK7OvfE89a18yZ8 P38biUIPZFNaLW1SN62GnA8Qby6g9C/1x+pXssEQ6fo1qJPk/bW6qYfPWWM4Op5N VsTFDx7EAZRCQFnyczTcaUE7g9s4ZovK4qMqTZq9BhP25m9yisvV1jizNpSU6vMi h37/Mi0gcOOcjbtj8Nlbtx+QsHFJvOgTjDIiwPVllMpxygWjSRRnR+LBoTHCPlP2 ZG5q8MGwZAIfzKSP9Fjg58rJoiWnzyJWFLEym38lfrrjch21CtgaKm28wrKQ18PC 7GQ/A/rARWMfAKnFYEO4zF07kidgTwyVJI5RJv8b9x4vLo7/G80CVDXIYjEDP4FR 7fNpEfc9/owximR5WpTds3GfzTDSKzNonHX/oNhIaJLkQ27RTSPXORzxtAsz2a6j jbIYxx9rQto=komJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-5462-1 June 06, 2022 ruby2.5, ruby2.7, ruby3.0 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Ruby. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-28739) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libruby3.0 3.0.2-7ubuntu2.1 ruby3.0 3.0.2-7ubuntu2.1 Ubuntu 21.10: libruby2.7 2.7.4-1ubuntu3.2 ruby2.7 2.7.4-1ubuntu3.2 Ubuntu 20.04 LTS: libruby2.7 2.7.0-5ubuntu1.7 ruby2.7 2.7.0-5ubuntu1.7 Ubuntu 18.04 LTS: libruby2.5 2.5.1-1ubuntu1.12 ruby2.5 2.5.1-1ubuntu1.12 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 macOS Monterey 12.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213494. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) Audio Available for: macOS Monterey Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022 ppp Available for: macOS Monterey Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022 Ruby Available for: macOS Monterey Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739 Sandbox Available for: macOS Monterey Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher zlib Available for: macOS Monterey Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022 Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. macOS Monterey 12.6.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222

Trust: 1.62

sources: NVD: CVE-2022-28739 // VULHUB: VHN-420273 // PACKETSTORM: 168691 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167421 // PACKETSTORM: 169566 // PACKETSTORM: 169553 // PACKETSTORM: 167654

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	12.6.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	lt	version:	3.0.4	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	gte	version:	3.1.0	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	lt	version:	2.6.10	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	lt	version:	3.1.2	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	lt	version:	2.7.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.7.1	Trust: 1.0
vendor:	ruby lang	model:	ruby	scope:	gte	version:	3.0.0	Trust: 1.0

sources: NVD: CVE-2022-28739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-28739
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202204-3369
value:	HIGH
Trust: 0.6
VULHUB:	VHN-420273
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-28739
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-420273
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-28739
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-420273 // CNNVD: CNNVD-202204-3369 // NVD: CVE-2022-28739

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.1

sources: VULHUB: VHN-420273 // NVD: CVE-2022-28739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

PATCH

title:

Ruby Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=193537

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

EXTERNAL IDS

db:	NVD	id:	CVE-2022-28739	Trust: 2.4
db:	HACKERONE	id:	1248108	Trust: 1.7
db:	PACKETSTORM	id:	168691	Trust: 0.8
db:	PACKETSTORM	id:	167654	Trust: 0.8
db:	PACKETSTORM	id:	168360	Trust: 0.7
db:	PACKETSTORM	id:	167425	Trust: 0.7
db:	PACKETSTORM	id:	169577	Trust: 0.7
db:	PACKETSTORM	id:	168445	Trust: 0.7
db:	CS-HELP	id:	SB2022041404	Trust: 0.6
db:	CS-HELP	id:	SB2022060723	Trust: 0.6
db:	CS-HELP	id:	SB2022072010	Trust: 0.6
db:	CS-HELP	id:	SB2022070105	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4673	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5061	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3320	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2802	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5301	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3369	Trust: 0.6
db:	PACKETSTORM	id:	168357	Trust: 0.2
db:	PACKETSTORM	id:	169553	Trust: 0.2
db:	PACKETSTORM	id:	167421	Trust: 0.2
db:	PACKETSTORM	id:	169566	Trust: 0.2
db:	PACKETSTORM	id:	168692	Trust: 0.1
db:	PACKETSTORM	id:	169552	Trust: 0.1
db:	VULHUB	id:	VHN-420273	Trust: 0.1

sources: VULHUB: VHN-420273 // PACKETSTORM: 168691 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167421 // PACKETSTORM: 169566 // PACKETSTORM: 169553 // PACKETSTORM: 167654 // CNNVD: CNNVD-202204-3369 // NVD: CVE-2022-28739

REFERENCES

url:	http://seclists.org/fulldisclosure/2022/oct/28	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2022/oct/29	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2022/oct/30	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2022/oct/41	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2022/oct/42	Trust: 1.7
url:	https://hackerone.com/reports/1248108	Trust: 1.7
url:	https://security-tracker.debian.org/tracker/cve-2022-28739	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20220624-0002/	Trust: 1.7
url:	https://support.apple.com/kb/ht213488	Trust: 1.7
url:	https://support.apple.com/kb/ht213493	Trust: 1.7
url:	https://support.apple.com/kb/ht213494	Trust: 1.7
url:	https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html	Trust: 1.6
url:	https://security.gentoo.org/glsa/202401-27	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28739	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2022.2802	Trust: 0.6
url:	https://packetstormsecurity.com/files/168360/red-hat-security-advisory-2022-6447-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb20220720108	Trust: 0.6
url:	https://packetstormsecurity.com/files/167425/ubuntu-security-notice-usn-5462-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060723	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041404	Trust: 0.6
url:	https://packetstormsecurity.com/files/168445/red-hat-security-advisory-2022-6585-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3320	Trust: 0.6
url:	https://packetstormsecurity.com/files/168691/red-hat-security-advisory-2022-6856-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5061	Trust: 0.6
url:	https://support.apple.com/en-us/ht213494	Trust: 0.6
url:	https://packetstormsecurity.com/files/169577/apple-security-advisory-2022-10-27-8.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167654/red-hat-security-advisory-2022-5338-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4673	Trust: 0.6
url:	https://vigilance.fr/vulnerability/ruby-buffer-overflow-via-string-to-float-conversion-38079	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5301	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070105	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-28739/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-28739	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28738	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-41819	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-41817	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41819	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41817	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-28738	Trust: 0.2
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.2
url:	https://support.apple.com/downloads/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32862	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42825	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-41816	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6856	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41816	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6450	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6585	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ruby2.7/2.7.4-1ubuntu3.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.12	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5462-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.7	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-37434	Trust: 0.1
url:	https://support.apple.com/ht213494.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42801	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32944	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42803	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42800	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32941	Trust: 0.1
url:	https://support.apple.com/ht213493.	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:5338	Trust: 0.1

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 168691 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167654

SOURCES

db:	VULHUB	id:	VHN-420273
db:	PACKETSTORM	id:	168691
db:	PACKETSTORM	id:	168357
db:	PACKETSTORM	id:	168445
db:	PACKETSTORM	id:	167421
db:	PACKETSTORM	id:	169566
db:	PACKETSTORM	id:	169553
db:	PACKETSTORM	id:	167654
db:	CNNVD	id:	CNNVD-202204-3369
db:	NVD	id:	CVE-2022-28739

LAST UPDATE DATE

2024-11-23T20:01:08.146000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420273	date:	2022-11-08T00:00:00
db:	CNNVD	id:	CNNVD-202204-3369	date:	2023-06-13T00:00:00
db:	NVD	id:	CVE-2022-28739	date:	2024-11-21T06:57:50.467

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420273	date:	2022-05-09T00:00:00
db:	PACKETSTORM	id:	168691	date:	2022-10-11T16:06:47
db:	PACKETSTORM	id:	168357	date:	2022-09-13T15:43:25
db:	PACKETSTORM	id:	168445	date:	2022-09-21T13:50:28
db:	PACKETSTORM	id:	167421	date:	2022-06-07T15:13:54
db:	PACKETSTORM	id:	169566	date:	2022-10-31T14:25:29
db:	PACKETSTORM	id:	169553	date:	2022-10-31T14:19:37
db:	PACKETSTORM	id:	167654	date:	2022-07-01T14:58:20
db:	CNNVD	id:	CNNVD-202204-3369	date:	2022-04-14T00:00:00
db:	NVD	id:	CVE-2022-28739	date:	2022-05-09T18:15:08.540