Piao

**Name of the Vulnerable Software and Affected Versions** Ruby versions 2.6.0 through 2.6.9 Ruby versions 2.7.x through 2.7.5 Ruby versions 3.0.0 through 3.0.3 Ruby versions 3.1.0 through 3.1.1 **Description** The issue is related to a buffer over-read in Ruby, specifically in String-to-Float conversion, including `Kernel#Float` and `String#to f`. This can potentially allow a remote attacker to cause a denial of service. The vulnerability occurs due to a memory corruption issue. **Recommendations** For Ruby versions 2.6.0 through 2.6.9, update to version 2.6.10 or later. For Ruby versions 2.7.x through 2.7.5, update to version 2.7.6 or later. For Ruby versions 3.0.0 through 3.0.3, update to version 3.0.4 or later. For Ruby versions 3.1.0 through 3.1.1, update to version 3.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Ruby versions 3.0.0 through 3.0.3 Ruby versions 3.1.0 through 3.1.1 **Description** A double free was found in the Regexp compiler. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. The issue is related to the implementation of the Regexp class and can lead to a denial of service using specially crafted Regexp objects. **Recommendations** For Ruby versions 3.0.0 through 3.0.3, update to version 3.0.4 or later. For Ruby versions 3.1.0 through 3.1.1, update to version 3.1.2 or later. As a temporary workaround, consider restricting the creation of Regexp objects from untrusted user input until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ruby versions prior to 2.5.9 Ruby versions 2.6.x through 2.6.6 Ruby versions 2.7.x through 2.7.1 **Description** The issue is related to the WEBrick library in Ruby, which has a problem with incorrect checking of the header value. This can potentially allow a remote attacker to impact data integrity by bypassing a reverse proxy with poor header checks, leading to an HTTP Request Smuggling attack. **Recommendations** For Ruby versions prior to 2.5.9, update to version 2.5.9 or later to resolve the issue. For Ruby versions 2.6.x through 2.6.6, update to version 2.6.7 or later to resolve the issue. For Ruby versions 2.7.x through 2.7.1, update to version 2.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the WEBrick server to minimize the risk of exploitation.