Description

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

INFO

Published Date :

2024-05-08T20:40:42.040Z

Last Modified :

2025-11-04T17:17:53.040Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27282 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact