A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
24 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 04:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
30 May 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Debian debian Linux
Fedoraproject Debian Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230526-0004/ - Third Party Advisory |
26 May 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Apr 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Apr 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Apr 2023, 17:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.ruby-lang.org/en/downloads/releases/ - Release Notes | |
References | (MISC) https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/ - Release Notes | |
References | (MISC) https://github.com/ruby/time/releases/ - Release Notes | |
References | (CONFIRM) https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:ruby-lang:time:0.2.1:*:*:*:*:ruby:*:* cpe:2.3:a:ruby-lang:time:0.1.0:*:*:*:*:ruby:*:* cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* |
|
CWE | CWE-1333 | |
First Time |
Ruby-lang time
Ruby-lang ruby Ruby-lang |
31 Mar 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-31 04:15
Updated : 2024-01-24 05:15
NVD link : CVE-2023-28756
Mitre link : CVE-2023-28756
CVE.ORG link : CVE-2023-28756
JSON object : View
Products Affected
fedoraproject
- fedora
ruby-lang
- time
- ruby
debian
- debian_linux
CWE