Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-28756HistoryMar 31, 2023 - 4:15 a.m.
CVE-2023-28756
2023-03-3104:15:09
Debian Security Bug Tracker
security-tracker.debian.org
15
cve-2023-28756
time component
ruby
redos
vulnerability
execution time
parsing
urls
fixed versions
unix
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.003 Low
EPSS
Percentile
69.5%
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | jruby | <= 9.3.9.0+ds-8 | jruby_9.3.9.0+ds-8_all.deb |
| Debian | 999 | all | jruby | <= 9.4.6.0+ds-1.1 | jruby_9.4.6.0+ds-1.1_all.deb |
| Debian | 13 | all | jruby | <= 9.4.6.0+ds-1.1 | jruby_9.4.6.0+ds-1.1_all.deb |
| Debian | 11 | all | ruby2.7 | <= 2.7.4-1+deb11u1 | ruby2.7_2.7.4-1+deb11u1_all.deb |
| Debian | 12 | all | ruby3.1 | <= 3.1.2-7+deb12u1 | ruby3.1_3.1.2-7+deb12u1_all.deb |
| Debian | 999 | all | ruby3.1 | <= 3.1.2-8.3 | ruby3.1_3.1.2-8.3_all.deb |
| Debian | 13 | all | ruby3.1 | <= 3.1.2-8.3 | ruby3.1_3.1.2-8.3_all.deb |
Related
github
github
Ruby Time component ReDoS issue
2023-03-31 06:30:15
nessus
nessus
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1810)
2023-05-10 00:00:00
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-2321)
2023-07-09 00:00:00
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1828)
2023-05-09 00:00:00
cgr
cgr
CVE-2023-28756 vulnerabilities
2024-05-19 03:07:16
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2321)
2023-07-10 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2341)
2023-07-10 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1810)
2023-05-09 00:00:00
osv
osv
Ruby Time component ReDoS issue
2023-03-31 06:30:15
CVE-2023-28756
2023-03-31 04:15:09
BIT-ruby-2023-28756
2024-03-06 11:04:05
cvelist
cvelist
CVE-2023-28756
2023-03-31 00:00:00
redhatcve
redhatcve
CVE-2023-28756
2023-04-03 14:43:40
amazon
amazon
Medium: ruby
2023-06-07 23:52:00
nvd
nvd
CVE-2023-28756
2023-03-31 04:15:09
wolfi
wolfi
CVE-2023-28756 vulnerabilities
2024-07-05 21:08:40
cve
cve
CVE-2023-28756
2023-03-31 04:15:09
freebsd
freebsd
rubygem-time -- ReDoS vulnerability
2023-03-30 00:00:00
ubuntucve
ubuntucve
CVE-2023-28756
2023-03-31 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-04-04 14:02:35
hackerone
hackerone
Internet Bug Bounty: ReDoS( Ruby, Time)
2023-04-01 23:52:39
Ruby: ReDoS in Time.rfc2822
2022-02-18 22:22:29
alpinelinux
alpinelinux
CVE-2023-28756
2023-03-31 04:15:09
prion
prion
Authentication flaw
2023-03-31 04:15:00
slackware
slackware
[slackware-security] ruby
2023-03-31 18:29:16
cloudfoundry
cloudfoundry
USN-6055-1: Ruby vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
USN-6087-1: Ruby vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2023-05-04 00:00:00
Ruby vulnerabilities
2023-05-18 00:00:00
Ruby vulnerabilities
2023-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: ruby-3.1.4-175.fc36
2023-04-21 01:25:27
[SECURITY] Fedora 38 Update: ruby-3.2.2-180.fc38
2023-04-15 02:16:08
[SECURITY] Fedora 37 Update: ruby-3.1.4-175.fc37
2023-04-21 02:11:09
debian
debian
[SECURITY] [DLA 3447-1] ruby2.5 security update
2023-06-07 20:38:22
[SECURITY] [DLA 3408-1] jruby security update
2023-04-30 20:58:08
rocky
rocky
ruby:2.7 security, bug fix, and enhancement update
2023-08-31 16:54:34
ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
oraclelinux
oraclelinux
ruby:2.7 security, bug fix, and enhancement update
2023-07-08 00:00:00
ruby:2.5 security update
2023-11-18 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-04-02 00:00:00
almalinux
almalinux
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 00:00:00
Moderate: ruby:2.5 security update
2023-11-14 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:00:00
redhat
redhat
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0732
2024-02-29 00:00:00
thn
thn
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.003 Low
EPSS
Percentile
69.5%
Related for DEBIANCVE:CVE-2023-28756