PT-2023-2261 · Ruby+12 · Ruby+12
Oooooo_Q
·
Published
2022-09-18
·
Updated
2025-11-04
·
CVE-2023-28756
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Time component versions through 0.2.1
Ruby versions through 3.2.1
Description
A ReDoS issue was discovered in the Time component, where the Time parser mishandles invalid URLs with specific characters, causing an increase in execution time for parsing strings to Time objects. This issue is related to the use of a regular expression with inefficient computational complexity, which can be exploited by a remote attacker to cause a denial of service.
Recommendations
For Time component versions through 0.2.1, update to version 0.2.2 to resolve the issue.
For Ruby versions through 3.2.1, ensure that the Time component is updated to a fixed version, such as 0.2.2, to mitigate the risk of exploitation.
As a temporary workaround, consider restricting the use of the Time parser to minimize the risk of exploitation until a patch is available.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Ruby
Suse
Time
Ubuntu