FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 18:22:07 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f22144d7-bad1-11ec-9cfe-0800270512f4	Ruby -- Double free in Regexp compilation piao reports: Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability. Discovery 2022-04-12 Entry 2022-04-13 ruby ge 3.0.0,1 lt 3.0.4,1 ge 3.1.0,1 lt 3.1.2,1 ge 3.2.0.p1,1 lt 3.2.0.p1_1,1 ruby30 ge 3.0.0,1 lt 3.0.4,1 ruby31 ge 3.1.0,1 lt 3.1.2,1 ruby32 ge 3.2.0.p1,1 lt 3.2.0.p1_1,1 CVE-2022-28738 https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/

VuXML ID

Description

f22144d7-bad1-11ec-9cfe-0800270512f4

Ruby -- Double free in Regexp compilation

piao reports:

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.

Discovery 2022-04-12
Entry 2022-04-13
ruby

ge 3.0.0,1 lt 3.0.4,1

ge 3.1.0,1 lt 3.1.2,1

ge 3.2.0.p1,1 lt 3.2.0.p1_1,1

ruby30

ge 3.0.0,1 lt 3.0.4,1

ruby31

ge 3.1.0,1 lt 3.1.2,1

ruby32

ge 3.2.0.p1,1 lt 3.2.0.p1_1,1

CVE-2022-28738
https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/