PT-2023-2261 · Ruby+12 · Ruby+12
Oooooo_Q
·
Publicado
2022-09-18
·
Atualizado
2025-11-04
·
CVE-2023-28756
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Time component versions through 0.2.1
Ruby versions through 3.2.1
Description
A ReDoS issue was discovered in the Time component, where the Time parser mishandles invalid URLs with specific characters, causing an increase in execution time for parsing strings to Time objects. This issue is related to the use of a regular expression with inefficient computational complexity, which can be exploited by a remote attacker to cause a denial of service.
Recommendations
For Time component versions through 0.2.1, update to version 0.2.2 to resolve the issue.
For Ruby versions through 3.2.1, ensure that the Time component is updated to a fixed version, such as 0.2.2, to mitigate the risk of exploitation.
As a temporary workaround, consider restricting the use of the Time parser to minimize the risk of exploitation until a patch is available.
Exploit
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Ruby
Suse
Time
Ubuntu