Candidate: CVE-2022-28739
PublicDate: 2022-04-27 08:45:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739
 https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306 (v2_6_10)
 https://github.com/ruby/ruby/commit/c9c2245c0a25176072e02db9254f0e0c84c805cd (v2_7_6)
 https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58 (v3_0_4)
 https://github.com/ruby/ruby/commit/8d142ecff9af7d60728b8cfa9138e8623985c428 (v3_1_2)
 https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/
 https://access.redhat.com/security/cve/CVE-2022-28739
Description:
 Ruby: Buffer overrun in String-to-Float conversion
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009956
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009957
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_ruby3.0:
upstream_ruby3.0: released (3.0.4-1)
jammy_ruby3.0: needs-triage
devel_ruby3.0: needs-triage

Patches_ruby2.7:
upstream_ruby2.7: needs-triage
focal_ruby2.7: needs-triage
impish_ruby2.7: needs-triage
jammy_ruby2.7: DNE

Patches_ruby2.5:
upstream_ruby2.5: needs-triage
bionic_ruby2.5: needs-triage

Patches_ruby2.3:
upstream_ruby2.3: needs-triage
esm-infra/xenial_ruby2.3: needs-triage