CVE-2024-27280: Buffer overread vulnerability in StringIO
21-Mar-2024
We have released the StringIO gem versions 3.0.1.1 and 3.0.1.2, which contain a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280.

Details

An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.

The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.

StringIO 3.0.3 and later, and Ruby 3.2.x and later, are not affected by this vulnerability.
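As an added example (my own code, not from the advisory or the StringIO project), the following check classifies a StringIO gem version against the ranges stated above. The function and constant names are mine, and the :unknown result covers releases the advisory does not mention, such as 3.0.0 or 3.0.2.

```ruby
# Added example, not part of the advisory: classify a StringIO gem version
# against the ranges CVE-2024-27280 names. Names below are my own.
require "rubygems"
require "stringio"

FIXED_VERSIONS   = %w[3.0.1.1 3.0.1.2].freeze  # releases carrying the fix
AFFECTED_VERSION = "3.0.1"                     # release the advisory names
FIRST_UNAFFECTED = "3.0.3"                     # "3.0.3 and later" is not affected

# Returns :vulnerable, :fixed, :not_affected or :unknown. The advisory does
# not cover every release, so versions it does not mention are reported as
# :unknown rather than guessed at.
def stringio_status(version_string)
  v = Gem::Version.new(version_string)
  return :fixed        if FIXED_VERSIONS.any? { |f| v == Gem::Version.new(f) }
  return :vulnerable   if v == Gem::Version.new(AFFECTED_VERSION)
  return :not_affected if v >= Gem::Version.new(FIRST_UNAFFECTED)
  :unknown
rescue ArgumentError # malformed version string
  :unknown
end

# Version of the StringIO loaded into this process: the gem's own constant
# when present, otherwise the loaded gemspec (nil if neither is available).
def installed_stringio_version
  return StringIO::VERSION if defined?(StringIO::VERSION)
  spec = Gem.loaded_specs["stringio"]
  spec ? spec.version.to_s : nil
end

if __FILE__ == $PROGRAM_NAME
  v = installed_stringio_version
  puts "stringio #{v.inspect}: #{v ? stringio_status(v) : :unknown}"
end
```

Run it inside the Ruby that ships the application to see which StringIO that interpreter actually loads, since the gem bundled with Ruby and a later gem install can differ.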