A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ruby3.0-dev": "3.0.2-7ubuntu2.1", "ruby3.0": "3.0.2-7ubuntu2.1", "ruby3.0-doc": "3.0.2-7ubuntu2.1", "libruby3.0": "3.0.2-7ubuntu2.1", "libruby3.0-dbgsym": "3.0.2-7ubuntu2.1", "ruby3.0-dbgsym": "3.0.2-7ubuntu2.1" } ] }