FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-08-14 19:19:07 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 2ce1a2f1-0177-11ef-a45e-08002784c58d
Description: ruby -- Arbitrary memory address read vulnerability with Regex search

sp2ip reports:

If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.


Discovery 2024-04-23
Entry 2024-04-23
ruby
  >= 3.1.0,1 < 3.1.5,1
  >= 3.2.0,1 < 3.2.4,1
  >= 3.3.0,1 < 3.3.1,1

ruby31
  >= 3.1.0,1 < 3.1.5,1

ruby32
  >= 3.2.0,1 < 3.2.4,1

ruby33
  >= 3.3.0,1 < 3.3.1,1

CVE-2024-27282
https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
VuXML ID: eed1a411-699b-11f0-91fe-000c295725e4
Description: rubygem-resolv -- Possible denial of service

Manu reports:

The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.


Discovery 2025-07-08
Entry 2025-07-25
rubygem-resolv
  < 0.6.2

ruby
  >= 3.2.0.p1,1 < 3.2.9,1
  >= 3.3.0.p1,1 < 3.3.9,1
  >= 3.4.0.p1,1 < 3.4.5,1
  >= 3.5.0.p1,1 < 3.5.0.p2,1

ruby32
  < 3.2.9,1

ruby33
  < 3.3.9,1

ruby34
  < 3.4.5,1

ruby35
  < 3.5.0.p2,1

CVE-2025-24294
https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/