mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
28 lines
1.5 KiB
JSON
28 lines
1.5 KiB
JSON
{
|
|
"id": "CVE-2024-27280",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-05-14T15:11:56.940",
|
|
"lastModified": "2024-05-14T16:13:02.773",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se descubri\u00f3 un problema de sobrelectura del b\u00fafer en StringIO 3.0.1, distribuido en Ruby 3.0.x hasta 3.0.6 y 3.1.x hasta 3.1.4. Los m\u00e9todos ungetbyte y ungetc en StringIO pueden leer m\u00e1s all\u00e1 del final de una cadena, y una llamada posterior a StringIO.gets puede devolver el valor de la memoria. 3.0.3 es la versi\u00f3n fija principal; sin embargo, para los usuarios de Ruby 3.0, una versi\u00f3n fija es stringio 3.0.1.1, y para los usuarios de Ruby 3.1, una versi\u00f3n fija es stringio 3.0.1.2."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://hackerone.com/reports/1399856",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |