FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
06ed6a49-bad4-11ec-9cfe-0800270512f4Ruby -- Buffer overrun in String-to-Float conversion

piao reports:

Due to a bug in an internal function that converts a String to a Float, some convertion methods like Kernel#Float and String#to_f could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in a limited circumstances, it may be exploitable for illegal memory read.


Discovery 2022-04-12
Entry 2022-04-13
ruby
ge 2.7.0,1 lt 2.7.6,1

ge 3.0.0,1 lt 3.0.4,1

ge 3.1.0,1 lt 3.1.2,1

ge 3.2.0.p1,1 lt 3.2.0.p1_1,1

ruby27
ge 2.7.0,1 lt 2.7.6,1

ruby30
ge 3.0.0,1 lt 3.0.4,1

ruby31
ge 3.1.0,1 lt 3.1.2,1

ruby32
ge 3.2.0.p1,1 lt 3.2.0.p1_1,1

CVE-2022-28739
https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/