CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
Medium
Canonical Ubuntu
It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdoc_options file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-27281) It was discovered that the Ruby regex compiler incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive memory contents. (CVE-2024-27282) Update Instructions: Run sudo pro fix USN-6838-1
to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.7 – 2.7.0-5ubuntu1.13 ruby2.7 – 2.7.0-5ubuntu1.13 ruby2.7-dev – 2.7.0-5ubuntu1.13 ruby2.7-doc – 2.7.0-5ubuntu1.13 No subscription required
CVEs contained in this USN include: CVE-2024-27281, CVE-2024-27282.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
2024-07-25: Initial vulnerability report published.
Vendor | Product | Version | CPE |
---|---|---|---|
cloudfoundry | cflinuxfs4 | * | cpe:2.3:a:cloudfoundry:cflinuxfs4:*:*:*:*:*:*:*:* |
cloudfoundry | cf-deployment | * | cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:* |