CVE-2022-28739

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-28739

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28739.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-28739

Aliases

Downstream

ALPINE-CVE-2022-28739

BELL-CVE-2022-28739

DEBIAN-CVE-2022-28739

DLA-3450-1

DLA-3858-1

OESA-2022-1700

RHSA-2022:5338

RHSA-2022:6447

RHSA-2022:6450

RHSA-2022:6585

RHSA-2022:6855

RHSA-2022:6856

RHSA-2023:7025

RLSA-2022:5338

RLSA-2022:6447

RLSA-2022:6450

RLSA-2022:6585

SUSE-SU-2022:1512-1

UBUNTU-CVE-2022-28739

USN-5462-1

USN-5462-2

openSUSE-SU-2024:12006-1

openSUSE-SU-2024:12712-1

openSUSE-SU-2024:13623-1

openSUSE-SU-2025:14621-1

Related

Published

2022-05-09T18:15:08.540Z

Modified

2026-02-24T11:42:33.272190Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

References

Affected packages

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

2b9b722d75266ba8921d199ff0ce92fd07abba6f

Fixed

94745181ebcf99db10be9080387c271748427f50

Introduced

df63faab6622e60d1b5e82f905a7d999c02e7232

Fixed

05f1a20db406ff90b33ba5e5d9fa750bf504aca1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28739.json"