Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Published

2023-03-31T04:15:09.090

Last Modified

2024-11-21T07:55:56.653

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-1333

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruby-lang	ruby	≤ 2.7.7	Yes
Application	ruby-lang	time	0.1.0	Yes
Application	ruby-lang	time	0.2.1	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	fedoraproject	fedora	36	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://github.com/ruby/time/releases/ Release Notes ([email protected])
https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/ ([email protected])
https://security.gentoo.org/glsa/202401-27 ([email protected])
https://security.netapp.com/advisory/ntap-20230526-0004/ Third Party Advisory ([email protected])
https://www.ruby-lang.org/en/downloads/releases/ Release Notes ([email protected])
https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/ Release Notes ([email protected])
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ Vendor Advisory ([email protected])
https://github.com/ruby/time/releases/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202401-27 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230526-0004/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ruby-lang.org/en/downloads/releases/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)