CVE-2024-27282

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-27282

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27282.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-27282

Aliases

Downstream

ALPINE-CVE-2024-27282

BELL-CVE-2024-27282

DEBIAN-CVE-2024-27282

DLA-3858-1

DSA-5677-1

OESA-2024-1545

OESA-2024-1607

OESA-2024-1608

OESA-2024-1609

OESA-2024-1610

OESA-2024-1611

RHSA-2024:3500

RHSA-2024:3546

RHSA-2024:3668

RHSA-2024:3670

RHSA-2024:3671

RHSA-2024:3838

RHSA-2024:4499

RLSA-2024:3668

RLSA-2024:3670

RLSA-2024:3671

RLSA-2024:4499

UBUNTU-CVE-2024-27282

USN-6838-1

USN-7734-1

Related

Withdrawn

2026-01-27T04:19:37.231958Z

Published

2024-05-14T15:11:57Z

Modified

2026-01-27T04:19:37.231958Z

Summary

[none]

Details

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

References

Affected packages