UBUNTU-CVE-2024-27282
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2024-27282
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-27282.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-27282
- Related
- Published
- 2024-05-14T15:11:00Z
- Modified
- 2024-05-14T15:11:00Z
- Summary
- [none]
- Details
-
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.
- References
-
- https://ubuntu.com/security/CVE-2024-27282
- https://www.cve.org/CVERecord?id=CVE-2024-27282
- https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
- https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a
- https://ubuntu.com/security/notices/USN-6838-1
Affected packages
Ubuntu:Pro:14.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:Pro:16.04:LTS / ruby2.3
Package
- Name
- ruby2.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.3.0-1
2.3.0-2
2.3.0-4ubuntu2
2.3.0-4ubuntu3
2.3.0-5ubuntu1
2.3.1-2~16.04
2.3.1-2~16.04.2
2.3.1-2~16.04.4
2.3.1-2~16.04.5
2.3.1-2~16.04.6
2.3.1-2~16.04.7
2.3.1-2~16.04.9
2.3.1-2~16.04.10
2.3.1-2~16.04.11
2.3.1-2~16.04.12
2.3.1-2~ubuntu16.04.13
2.3.1-2~ubuntu16.04.14
2.3.1-2~ubuntu16.04.15
2.3.1-2~ubuntu16.04.16
2.3.1-2~ubuntu16.04.16+esm1
2.3.1-2~ubuntu16.04.16+esm2
2.3.1-2~ubuntu16.04.16+esm3
2.3.1-2~ubuntu16.04.16+esm4
2.3.1-2~ubuntu16.04.16+esm5
2.3.1-2~ubuntu16.04.16+esm6
2.3.1-2~ubuntu16.04.16+esm7
2.3.1-2~ubuntu16.04.16+esm8
Ubuntu:Pro:16.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:Pro:18.04:LTS / ruby2.5
Package
- Name
- ruby2.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.5.0~preview1-1ubuntu2
2.5.0-4ubuntu1
2.5.0-4ubuntu4
2.5.0-5ubuntu1
2.5.0-6ubuntu1
2.5.1-1ubuntu1
2.5.1-1ubuntu1.1
2.5.1-1ubuntu1.2
2.5.1-1ubuntu1.4
2.5.1-1ubuntu1.5
2.5.1-1ubuntu1.6
2.5.1-1ubuntu1.7
2.5.1-1ubuntu1.8
2.5.1-1ubuntu1.9
2.5.1-1ubuntu1.10
2.5.1-1ubuntu1.11
2.5.1-1ubuntu1.12
2.5.1-1ubuntu1.13
2.5.1-1ubuntu1.14
2.5.1-1ubuntu1.15
2.5.1-1ubuntu1.16
2.5.1-1ubuntu1.16+esm1
Ubuntu:Pro:18.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:20.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:20.04:LTS / ruby2.7
Package
- Name
- ruby2.7
- Purl
- pkg:deb/ubuntu/ruby2.7@2.7.0-5ubuntu1.13?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.0-5ubuntu1.13
Affected versions
2.*
2.7.0-1
2.7.0-2
2.7.0-3
2.7.0-4
2.7.0-4ubuntu1
2.7.0-5ubuntu1
2.7.0-5ubuntu1.1
2.7.0-5ubuntu1.2
2.7.0-5ubuntu1.3
2.7.0-5ubuntu1.4
2.7.0-5ubuntu1.5
2.7.0-5ubuntu1.6
2.7.0-5ubuntu1.7
2.7.0-5ubuntu1.8
2.7.0-5ubuntu1.9
2.7.0-5ubuntu1.10
2.7.0-5ubuntu1.11
2.7.0-5ubuntu1.12
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ruby2.7-doc": "2.7.0-5ubuntu1.13",
"ruby2.7-dbgsym": "2.7.0-5ubuntu1.13",
"ruby2.7": "2.7.0-5ubuntu1.13",
"libruby2.7": "2.7.0-5ubuntu1.13",
"libruby2.7-dbgsym": "2.7.0-5ubuntu1.13",
"ruby2.7-dev": "2.7.0-5ubuntu1.13"
}
]
}
Ubuntu:22.04:LTS / ruby3.0
Package
- Name
- ruby3.0
- Purl
- pkg:deb/ubuntu/ruby3.0@3.0.2-7ubuntu2.6?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.2-7ubuntu2.6
Affected versions
3.*
3.0.2-5ubuntu1
3.0.2-7
3.0.2-7ubuntu2
3.0.2-7ubuntu2.1
3.0.2-7ubuntu2.2
3.0.2-7ubuntu2.3
3.0.2-7ubuntu2.4
3.0.2-7ubuntu2.5
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ruby3.0-dev": "3.0.2-7ubuntu2.6",
"ruby3.0": "3.0.2-7ubuntu2.6",
"ruby3.0-doc": "3.0.2-7ubuntu2.6",
"libruby3.0": "3.0.2-7ubuntu2.6",
"libruby3.0-dbgsym": "3.0.2-7ubuntu2.6",
"ruby3.0-dbgsym": "3.0.2-7ubuntu2.6"
}
]
}
Ubuntu:24.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:24.04:LTS / ruby3.2
Package
- Name
- ruby3.2
- Purl
- pkg:deb/ubuntu/ruby3.2@3.2.3-1ubuntu0.24.04.1?arch=src?distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.3-1ubuntu0.24.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ruby3.2-dbgsym": "3.2.3-1ubuntu0.24.04.1",
"ruby3.2-doc": "3.2.3-1ubuntu0.24.04.1",
"libruby3.2": "3.2.3-1ubuntu0.24.04.1",
"ruby3.2-dev": "3.2.3-1ubuntu0.24.04.1",
"ruby3.2": "3.2.3-1ubuntu0.24.04.1",
"libruby3.2-dbgsym": "3.2.3-1ubuntu0.24.04.1"
}
]
}