Ruby · Ruby · CVE-2024-27282
**Name of the Vulnerable Software and Affected Versions**
Ruby versions 3.0.0 through 3.3.0
**Description**
The issue is a heap out-of-bounds read in the regular-expression engine of the Ruby interpreter (an over-read, not an out-of-bounds write). If attacker-supplied data is provided to the Ruby regex compiler, that is, if the attacker controls the pattern Ruby compiles rather than only the string being searched, it is possible to extract arbitrary heap data relative to the start of the searched text, including pointers and sensitive strings. The direct impact is on confidentiality: leaked pointers defeat ASLR and help chain further attacks, and leaked strings may contain secrets held in process memory such as session tokens, keys or other users' data.
**Recommendations**
For Ruby versions 3.0.0 through 3.0.6, update to version 3.0.7.
For Ruby versions 3.1.0 through 3.1.4, update to version 3.1.5.
For Ruby versions 3.2.0 through 3.2.3, update to version 3.2.4.
For Ruby version 3.3.0, update to version 3.3.1.
Confirm the running interpreter with `ruby -v` (or `RUBY_VERSION` from inside the application); the fix is in the interpreter, so every deployed Ruby, including bundled or containerized ones, needs to be updated. As a temporary workaround until a patch is applied, do not let attacker-controlled text reach the regex compiler as pattern syntax: avoid `Regexp.new(user_input)` and `/#{user_input}/`, and where user input must appear in a pattern, wrap it in `Regexp.escape` so it is compiled as literal text. If only literal matching is needed, prefer `String#include?` or the String forms of `sub`/`gsub`/`index`, which match the string literally and never compile a regex. Matching untrusted text against fixed, trusted patterns is not the attack surface here; the attacker must control the pattern itself.
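The following Ruby is an added example, not code from the Ruby project or the advisory. It shows two things a practitioner needs while remediating: a version check that flags interpreters still inside the affected ranges for CVE-2024-27282 (using only the fixed versions listed above), and the workaround contrasted with the unsafe pattern, i.e. escaping user input before it reaches the regex compiler. The function names and the sample inputs are constructed for illustration.

```ruby
require "rubygems" # for Gem::Version; normally already loaded by Ruby

# Fixed releases from the advisory. Every earlier release in the same
# minor line (3.0.0..3.0.6, 3.1.0..3.1.4, 3.2.0..3.2.3, 3.3.0) is affected.
FIXED_VERSIONS = {
  "3.0" => Gem::Version.new("3.0.7"),
  "3.1" => Gem::Version.new("3.1.5"),
  "3.2" => Gem::Version.new("3.2.4"),
  "3.3" => Gem::Version.new("3.3.1"),
}.freeze

# Returns true when the given version string (default: the running
# interpreter's RUBY_VERSION, e.g. "3.2.3") is still vulnerable.
# Pass RUBY_VERSION rather than the output of `ruby -v`, which carries
# a patchlevel suffix that Gem::Version does not compare sensibly.
def affected_by_cve_2024_27282?(version_string = RUBY_VERSION)
  version = Gem::Version.new(version_string)
  minor_line = version.segments[0, 2].join(".")
  fixed = FIXED_VERSIONS[minor_line]
  return false if fixed.nil? # 2.x and 3.4+ are outside the affected range
  version < fixed
end

# UNSAFE (hypothetical handler): the caller's string is compiled as regex
# syntax, so an attacker who controls `user_pattern` controls what the
# regex compiler sees. This is exactly the precondition of the CVE.
def unsafe_search(user_pattern, text)
  Regexp.new(user_pattern).match?(text)
end

# SAFE: Regexp.escape turns every metacharacter into a literal, so the
# compiled pattern is derived from trusted template text only. (If no
# pattern features are needed at all, text.include?(user_literal) avoids
# the regex compiler entirely.)
def safe_search(user_literal, text)
  Regexp.new(Regexp.escape(user_literal)).match?(text)
end

if __FILE__ == $PROGRAM_NAME
  status = affected_by_cve_2024_27282? ? "AFFECTED" : "not affected"
  puts "Ruby #{RUBY_VERSION}: #{status} by CVE-2024-27282"
  # "a.c" as regex syntax matches "abc"; as an escaped literal it does not.
  puts "unsafe_search('a.c', 'abc') => #{unsafe_search('a.c', 'abc')}"
  puts "safe_search('a.c', 'abc')   => #{safe_search('a.c', 'abc')}"
end
```

Run the file under each deployed interpreter (including those inside container images) as a quick inventory check; in application code, the `safe_search` shape is the one to keep, since it removes attacker control of the pattern regardless of whether the interpreter has been patched yet.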