Bugzilla – Bug 1198441
VUL-0: CVE-2022-28739: ruby: Buffer overrun in String-to-Float conversion
Last modified: 2022-09-30 12:27:19 UTC
CVE-2022-28739: Buffer overrun in String-to-Float conversion Posted by mame on 12 Apr 2022 A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby. Details Due to a bug in an internal function that converts a String to a Float, some convertion methods like Kernel#Float and String#to_f could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in a limited circumstances, it may be exploitable for illegal memory read. Please update Ruby to 2.6.10, 2.7.6, 3.0.4, or 3.1.2. Affected versions ruby 2.6.9 or prior ruby 2.7.5 or prior ruby 3.0.3 or prior ruby 3.1.1 or prior Credits Thanks to piao for discovering this issue. History Originally published at 2022-04-12 12:00:00 (UTC)
https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/
This is an autogenerated message for OBS integration: This bug (1198441) was mentioned in https://build.opensuse.org/request/show/969769 Factory / ruby3.1
This is an autogenerated message for OBS integration: This bug (1198441) was mentioned in https://build.opensuse.org/request/show/969824 Factory / ruby3.1
SUSE-SU-2022:1512-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188160,1188161,1190375,1193035,1198441 CVE References: CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739 JIRA References: Sources used: openSUSE Leap 15.4 (src): ruby2.5-2.5.9-150000.4.23.1 openSUSE Leap 15.3 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Manager Server 4.1 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Manager Retail Branch Server 4.1 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Manager Proxy 4.1 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Server for SAP 15 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Server 15-LTSS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise Micro 5.0 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Enterprise Storage 7 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE Enterprise Storage 6 (src): ruby2.5-2.5.9-150000.4.23.1 SUSE CaaS Platform 4.0 (src): ruby2.5-2.5.9-150000.4.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
After careful consideration on our end, we have come to the decision that backporting this fix is neither economically or technically feasible. Please reach out to security@suse.de in case of any questions.