Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-28738  

double-free in Regexp compilation

Source
Severity Unknown

Remote Unknown

Type Arbitrary code execution

Description 

double-free in Regexp compilation

AVG-2757 ruby 3.0.3-1 3.0.4-1 High Fixed 

https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/
https://hackerone.com/reports/1220911

compiling a Regexp from untrusted input is considered unsafe in general but this case is still considered a vulnerability. https://hackerone.com/piao?type=user shows the severity as high, the linked reference is not yet public, the ruby-lang post does not state a severity, why nvd assumes this to be critical is unclear as they seem to assume it to be remotely exploitable which suggests the use in a webapp but that should be a cve for the webapp instead

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started