A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
CPE | Name | Operator | Version |
---|---|---|---|
ruby | eq | 1.8.7_p174-r2 | |
ruby | eq | 1.8.7_p160-r2 | |
ruby | eq | 2.1.5-r1 | |
ruby | eq | 2.0.0_p247-r2 | |
ruby | eq | 2.3.3-r3 | |
ruby | eq | 2.6.3-r3 | |
ruby | eq | 2.5.5-r3 | |
ruby | eq | 2.0.0_p247-r3 | |
ruby | eq | 3_0_1 | |
ruby | eq | 2.6.5-r3 |