Vulnerability Name:

CVE-2022-28739 (CCN-226048)

Assigned: 2022-04-12
Published: 2022-04-12
Updated: 2023-06-09
Summary:
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): None
8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): High
6.2 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): Complete
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2022-28739

Source: XF
Type: UNKNOWN
ruby-cve202228739-dos(226048)

Source: CCN
Type: Ruby Web site
CVE-2022-28739: Buffer overrun in String-to-Float conversion


Vulnerable Configuration:

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:mislav_marohnic:will_paginate:3.0.3:-:-:*:-:ruby:*:*
  • OR cpe:/a:bibtex-ruby_project:bibtex-ruby:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:recurly:recurly_client_ruby:2.7.5:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:7660 | P | libruby2_5-2_5-2.5.9-150000.4.26.1 on GA media (Moderate) | 2023-06-12 |
| oval:com.redhat.rhsa:def:20226585 | P | RHSA-2022:6585: ruby security, bug fix, and enhancement update (Moderate) | 2022-09-20 |
| oval:com.redhat.rhsa:def:20226450 | P | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | 2022-09-13 |
| oval:com.redhat.rhsa:def:20226447 | P | RHSA-2022:6447: ruby:2.7 security, bug fix, and enhancement update (Moderate) | 2022-09-13 |
| oval:com.redhat.rhsa:def:20225338 | P | RHSA-2022:5338: ruby:2.6 security, bug fix, and enhancement update (Moderate) | 2022-06-30 |
| oval:org.opensuse.security:def:3070 | P | freeradius-server-3.0.19-1.48 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:94700 | P | libruby2_5-2_5-2.5.9-150000.4.23.1 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:118699 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:93450 | P | (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:119386 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:94230 | P | (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:42180 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:118889 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:93604 | P | (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:878 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:119571 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:94439 | P | (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:93132 | P | (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:467 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:119086 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:93804 | P | (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:93292 | P | (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:119196 | P | Security update for ruby2.5 (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:94018 | P | (Important) | 2022-05-03 |
| oval:org.opensuse.security:def:101624 | P | Security update for ruby2.5 (Important) (in QA) | 2022-04-21 |
    mislav_marohnic will paginate 3.0.3 -
    bibtex-ruby_project bibtex-ruby 3.1.1
    recurly recurly client ruby 2.7.5