Medium severity6.6NVD Advisory· Published May 14, 2024· Updated Jun 17, 2026
CVE-2024-27282
CVE-2024-27282
Description
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
48- osv-coords46 versionspkg:bitnami/rubypkg:bitnami/ruby-minpkg:rpm/almalinux/rubypkg:rpm/almalinux/ruby-bundled-gemspkg:rpm/almalinux/ruby-default-gemspkg:rpm/almalinux/ruby-develpkg:rpm/almalinux/ruby-docpkg:rpm/almalinux/rubygem-abrtpkg:rpm/almalinux/rubygem-abrt-docpkg:rpm/almalinux/rubygem-bigdecimalpkg:rpm/almalinux/rubygem-bsonpkg:rpm/almalinux/rubygem-bson-docpkg:rpm/almalinux/rubygem-bundlerpkg:rpm/almalinux/rubygem-bundler-docpkg:rpm/almalinux/rubygem-did_you_meanpkg:rpm/almalinux/rubygem-io-consolepkg:rpm/almalinux/rubygem-irbpkg:rpm/almalinux/rubygem-jsonpkg:rpm/almalinux/rubygem-minitestpkg:rpm/almalinux/rubygem-mongopkg:rpm/almalinux/rubygem-mongo-docpkg:rpm/almalinux/rubygem-mysql2pkg:rpm/almalinux/rubygem-mysql2-docpkg:rpm/almalinux/rubygem-net-telnetpkg:rpm/almalinux/rubygem-opensslpkg:rpm/almalinux/rubygem-pgpkg:rpm/almalinux/rubygem-pg-docpkg:rpm/almalinux/rubygem-power_assertpkg:rpm/almalinux/rubygem-psychpkg:rpm/almalinux/rubygem-raccpkg:rpm/almalinux/rubygem-rakepkg:rpm/almalinux/rubygem-rbspkg:rpm/almalinux/rubygem-rdocpkg:rpm/almalinux/rubygem-rexmlpkg:rpm/almalinux/rubygem-rsspkg:rpm/almalinux/rubygemspkg:rpm/almalinux/rubygems-develpkg:rpm/almalinux/rubygem-test-unitpkg:rpm/almalinux/rubygem-typeprofpkg:rpm/almalinux/rubygem-xmlrpcpkg:rpm/almalinux/ruby-irbpkg:rpm/almalinux/ruby-libspkg:rpm/rocky-linux/ruby?distro=rocky-linux-8&epoch=0pkg:rpm/rocky-linux/rubygem-abrt?distro=rocky-linux-8&epoch=0pkg:rpm/rocky-linux/rubygem-mysql2?distro=rocky-linux-8&epoch=0pkg:rpm/rocky-linux/rubygem-pg?distro=rocky-linux-8&epoch=0
< 3.1.5+ 45 more
- (no CPE)range: < 3.1.5
- (no CPE)range: < 3.1.6
- (no CPE)range: < 3.0.7-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.1.5-143.module_el8.10.0+3854+02eaa59a
- (no CPE)range: < 3.0.7-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.0.7-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.0.7-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 0.4.0-1.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 0.4.0-1.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.0.0-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 4.3.0-2.module_el8.5.0+2625+ec418553
- (no CPE)range: < 4.3.0-2.module_el8.5.0+2625+ec418553
- (no CPE)range: < 2.2.33-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 1.16.1-4.module_el8.10.0+3871+342e2c2f
- (no CPE)range: < 1.2.0-112.module_el8.10.0+3871+342e2c2f
- (no CPE)range: < 0.5.7-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 1.3.5-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 2.5.1-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 5.14.2-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 2.5.1-2.module_el8.5.0+2625+ec418553
- (no CPE)range: < 2.5.1-2.module_el8.5.0+2625+ec418553
- (no CPE)range: < 0.5.3-2.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 0.5.3-2.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 0.1.1-112.module_el8.10.0+3871+342e2c2f
- (no CPE)range: < 2.1.2-112.module_el8.10.0+3871+342e2c2f
- (no CPE)range: < 1.2.3-1.module_el8.5.0+2595+0c654ebc
- (no CPE)range: < 1.2.3-1.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 1.2.1-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.3.2-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 1.7.3-2.module_el8.10.0+3855+767cb125
- (no CPE)range: < 13.0.3-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 1.4.0-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 6.3.4.1-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.2.5-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 0.2.9-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.2.33-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.2.33-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 3.3.7-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 0.15.2-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 0.3.0-112.module_el8.10.0+3871+342e2c2f
- (no CPE)range: < 2.5.9-112.module_el8.10.0+3871+342e2c2f
- (no CPE)range: < 3.0.7-143.module_el8.10.0+3852+ce828b19
- (no CPE)range: < 0:3.1.5-143.module+el8.10.0+1826+b62220b4
- (no CPE)range: < 0:0.4.0-1.module+el8.10.0+1679+61871737
- (no CPE)range: < 0:0.5.3-3.module+el8.10.0+1744+6c504228
- (no CPE)range: < 0:1.3.2-1.module+el8.10.0+1741+bdb5b6ca
Patches
Vulnerability mechanics
References
6- hackerone.com/reports/2122624nvd
- lists.debian.org/debian-lts-announce/2024/09/msg00000.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYDHPHEZI7OQXTQKTDZHGZNPIJH7ZV5N/nvd
- security.netapp.com/advisory/ntap-20241011-0007/nvd
- www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/nvd
News mentions
0No linked articles in our index yet.