CVE-2024-27282

MEDIUM Year: 2024
CVSS v3 Score
6.6
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

Related Vulnerabilities

CVE-2017-16529

MEDIUM
CVSS:6.6(Medium)

The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspeci...

CWE-1252017

CVE-2017-16530

MEDIUM
CVSS:6.6(Medium)

The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB devic...

CWE-1252017

CVE-2017-16533

MEDIUM
CVSS:6.6(Medium)

The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unsp...

CWE-1252017

CVE-2017-16535

MEDIUM
CVSS:6.6(Medium)

The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly ha...

CWE-1252017

CVE-2017-16643

MEDIUM
CVSS:6.6(Medium)

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or poss...

CWE-1252017

CVE-2017-16645

MEDIUM
CVSS:6.6(Medium)

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read a...

CWE-1252017