{"id":"CVE-2022-28738","details":"A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.","aliases":["BIT-ruby-2022-28738","BIT-ruby-min-2022-28738"],"modified":"2026-05-18T23:16:07.565514Z","published":"2022-05-09T00:00:00Z","related":["ALSA-2022:6450","ALSA-2022:6585","openSUSE-SU-2024:12006-1","openSUSE-SU-2024:12712-1","openSUSE-SU-2024:13623-1","openSUSE-SU-2025:14621-1","openSUSE-SU-2025:15819-1"],"database_specific":{"unresolved_ranges":[{"source":"DESCRIPTION","extracted_events":[{"introduced":"3.x"},{"fixed":"3.0.4"},{"introduced":"3.1.x"},{"fixed":"3.1.2"}]}],"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/28xxx/CVE-2022-28738.json"},"references":[{"type":"WEB","url":"https://hackerone.com/reports/1220911"},{"type":"WEB","url":"https://security-tracker.debian.org/tracker/CVE-2022-28738"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/28xxx/CVE-2022-28738.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28738"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-27"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220624-0002/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruby/ruby","events":[{"introduced":"95aff214687a5e12c3eb57d056665741e734c188"},{"fixed":"3fa771ddedac25560be57f4055f1767e6c810f58"},{"introduced":"fb4df44d1670e9d25aef6b235a7281199a177edb"},{"fixed":"4491bb740a9506d76391ac44bb2fe6e483fec952"}],"database_specific":{"cpe":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"3.0.0"},{"fixed":"3.0.4"},{"introduced":"3.1.0"},{"fixed":"3.1.2"}]}}],"versions":["v3_1_1","v3_1_0","v3_0_3","v3_0_2","v3_0_1","v3_0_0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58","id":"CVE-2022-28738-6a62c92b","deprecated":false,"signature_version":"v1","digest":{"function_hash":"328864874327574063403775378011327146659","length":8488},"target":{"function":"strtod","file":"missing/dtoa.c"},"signature_type":"Function"},{"source":"https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58","id":"CVE-2022-28738-d67435c3","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["337285692131683350587106124606194849187","171125667734974039822063106046701353862","315160000533057727845661241951943922131","27247823211488908491542581188290566144","268560890618114141161195735339343855241","321395545576834868767584132304880323141","12924114540111067235220886822648996878","18815063887966383786580032668437598724"]},"target":{"file":"missing/dtoa.c"},"signature_type":"Line"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28738.json","vanir_signatures_modified":"2026-05-18T23:16:07Z"}}],"schema_version":"1.7.5"}