NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-27282

Summary	An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.
Publication Date	May 15, 2024, 12:11 a.m.
Registration Date	May 15, 2024, 10:05 a.m.
Last Update	Nov. 21, 2024, 6:04 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://hackerone.com/reports/2122624
2	https://hackerone.com/reports/2122624
3	https://security.netapp.com/advisory/ntap-20241011-0007/
4	https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
5	https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/

Common Vulnerabilities List