CVE-2023-28756

ULN >
Oracle Linux CVE repository >
CVE-2023-28756

CVE Details

Release Date:	2023-03-21
Impact:	Moderate	What is this?

Description

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

See more information about CVE-2023-28756 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.3
Vector String:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version:	3.0
Attack Vector:	Network
Attack Complexity:	Low
Privileges Required:	None
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	None
Integrity Impact:	None
Availability Impact:	Low

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (ruby)	ELSA-2023-3821	2023-07-08
Oracle Linux version 8 (ruby)	ELSA-2023-7025	2023-11-18
Oracle Linux version 8 (ruby)	ELSA-2024-1431	2024-03-20
Oracle Linux version 8 (ruby)	ELSA-2024-3500	2024-05-31
Oracle Linux version 8 (rubygem-abrt)	ELSA-2023-3821	2023-07-08
Oracle Linux version 8 (rubygem-abrt)	ELSA-2023-7025	2023-11-18
Oracle Linux version 8 (rubygem-abrt)	ELSA-2024-1431	2024-03-20
Oracle Linux version 8 (rubygem-abrt)	ELSA-2024-3500	2024-05-31
Oracle Linux version 8 (rubygem-bson)	ELSA-2023-3821	2023-07-08
Oracle Linux version 8 (rubygem-bson)	ELSA-2023-7025	2023-11-18
Oracle Linux version 8 (rubygem-bundler)	ELSA-2023-7025	2023-11-18
Oracle Linux version 8 (rubygem-mongo)	ELSA-2023-3821	2023-07-08
Oracle Linux version 8 (rubygem-mongo)	ELSA-2023-7025	2023-11-18
Oracle Linux version 8 (rubygem-mysql2)	ELSA-2023-3821	2023-07-08
Oracle Linux version 8 (rubygem-mysql2)	ELSA-2023-7025	2023-11-18
Oracle Linux version 8 (rubygem-mysql2)	ELSA-2024-1431	2024-03-20
Oracle Linux version 8 (rubygem-mysql2)	ELSA-2024-3500	2024-05-31
Oracle Linux version 8 (rubygem-pg)	ELSA-2023-3821	2023-07-08
Oracle Linux version 8 (rubygem-pg)	ELSA-2023-7025	2023-11-18
Oracle Linux version 8 (rubygem-pg)	ELSA-2024-1431	2024-03-20
Oracle Linux version 8 (rubygem-pg)	ELSA-2024-3500	2024-05-31
Oracle Linux version 9 (ruby)	ELSA-2024-1576	2024-04-02
Oracle Linux version 9 (ruby)	ELSA-2024-3838	2024-06-13
Oracle Linux version 9 (rubygem-mysql2)	ELSA-2024-1576	2024-04-02
Oracle Linux version 9 (rubygem-pg)	ELSA-2024-1576	2024-04-02

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691