{"id":"USN-6838-1","summary":"ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities","details":"It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If\na user or automated system were tricked into parsing a specially crafted\n.rdoc_options file, a remote attacker could possibly use this issue to\nexecute arbitrary code. (CVE-2024-27281)\n\nIt was discovered that the Ruby regex compiler incorrectly handled certain\nmemory operations. A remote attacker could possibly use this issue to\nobtain sensitive memory contents. (CVE-2024-27282)\n","modified":"2026-02-10T04:44:20Z","published":"2024-06-17T14:24:17Z","related":["UBUNTU-CVE-2024-27281","UBUNTU-CVE-2024-27282"],"upstream":["CVE-2024-27281","CVE-2024-27282","UBUNTU-CVE-2024-27281","UBUNTU-CVE-2024-27282"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6838-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-27281"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-27282"}],"affected":[{"package":{"name":"ruby2.7","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/ruby2.7@2.7.0-5ubuntu1.13?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0-5ubuntu1.13"}]}],"versions":["2.7.0-1","2.7.0-2","2.7.0-3","2.7.0-4","2.7.0-4ubuntu1","2.7.0-5ubuntu1","2.7.0-5ubuntu1.1","2.7.0-5ubuntu1.2","2.7.0-5ubuntu1.3","2.7.0-5ubuntu1.4","2.7.0-5ubuntu1.5","2.7.0-5ubuntu1.6","2.7.0-5ubuntu1.7","2.7.0-5ubuntu1.8","2.7.0-5ubuntu1.9","2.7.0-5ubuntu1.10","2.7.0-5ubuntu1.11","2.7.0-5ubuntu1.12"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.7.0-5ubuntu1.13","binary_name":"libruby2.7"},{"binary_version":"2.7.0-5ubuntu1.13","binary_name":"ruby2.7"},{"binary_version":"2.7.0-5ubuntu1.13","binary_name":"ruby2.7-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6838-1.json","cves_map":{"cves":[{"id":"CVE-2024-27281","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-27282","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"ruby3.0","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/ruby3.0@3.0.2-7ubuntu2.6?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.2-7ubuntu2.6"}]}],"versions":["3.0.2-5ubuntu1","3.0.2-7","3.0.2-7ubuntu2","3.0.2-7ubuntu2.1","3.0.2-7ubuntu2.2","3.0.2-7ubuntu2.3","3.0.2-7ubuntu2.4","3.0.2-7ubuntu2.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.0.2-7ubuntu2.6","binary_name":"libruby3.0"},{"binary_version":"3.0.2-7ubuntu2.6","binary_name":"ruby3.0"},{"binary_version":"3.0.2-7ubuntu2.6","binary_name":"ruby3.0-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6838-1.json","cves_map":{"cves":[{"id":"CVE-2024-27281","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-27282","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"ruby3.2","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/ruby3.2@3.2.3-1ubuntu0.24.04.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.3-1ubuntu0.24.04.1"}]}],"versions":["3.2.3-1","3.2.3-1build2","3.2.3-1build3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.2.3-1ubuntu0.24.04.1","binary_name":"libruby3.2"},{"binary_version":"3.2.3-1ubuntu0.24.04.1","binary_name":"ruby3.2"},{"binary_version":"3.2.3-1ubuntu0.24.04.1","binary_name":"ruby3.2-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6838-1.json","cves_map":{"cves":[{"id":"CVE-2024-27281","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-27282","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.3"}