CVE-2024-27280
Published: March 28, 2024
Last modified: July 9, 2024
Description
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the out-of-bounds memory contents. StringIO 3.0.3 and later, and Ruby 3.2.x and later, are not affected by this vulnerability.
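The following is an added example, not part of the advisory text or of the Ruby project's code. It encodes the affected and unaffected version ranges stated in the description above as a pure check, so that a deployment inventory (Ruby version plus bundled stringio gem version) can be screened for the combination this advisory names. The constant `StringIO::VERSION` is assumed to be defined by the stringio gem; the `current_runtime_affected?` helper returns nil rather than guessing if it is not.

```ruby
require "stringio"

# Version boundaries transcribed from the advisory description.
AFFECTED_STRINGIO   = Gem::Version.new("3.0.1")
FIXED_STRINGIO      = Gem::Version.new("3.0.3")   # 3.0.3 and later not affected
UNAFFECTED_RUBY_MIN = Gem::Version.new("3.2.0")   # Ruby 3.2.x and later not affected
AFFECTED_RUBY_RANGES = [
  [Gem::Version.new("3.0.0"), Gem::Version.new("3.0.6")],
  [Gem::Version.new("3.1.0"), Gem::Version.new("3.1.4")],
].freeze

# Returns true when the (ruby, stringio) pair falls inside the ranges the
# advisory lists as affected. Arguments are version strings such as "3.1.4".
# Only the exact combination named in the advisory (stringio 3.0.1 shipped
# with the listed Ruby releases) is flagged; anything else returns false.
def cve_2024_27280_affected?(ruby_version, stringio_version)
  rv = Gem::Version.new(ruby_version)
  sv = Gem::Version.new(stringio_version)
  return false if sv >= FIXED_STRINGIO
  return false if rv >= UNAFFECTED_RUBY_MIN
  in_ruby_range = AFFECTED_RUBY_RANGES.any? { |lo, hi| rv >= lo && rv <= hi }
  in_ruby_range && sv == AFFECTED_STRINGIO
end

# Screens the interpreter this script runs under. Returns nil when the
# stringio version cannot be determined (assumption: StringIO::VERSION is
# provided by the gem; absent that constant we refuse to guess).
def current_runtime_affected?
  return nil unless StringIO.const_defined?(:VERSION)
  cve_2024_27280_affected?(RUBY_VERSION, StringIO::VERSION)
end

# Screens a list of [host, ruby_version, stringio_version] rows, such as one
# exported from a package inventory, and returns the affected host names.
def affected_hosts(inventory)
  inventory.select { |_host, rv, sv| cve_2024_27280_affected?(rv, sv) }
           .map(&:first)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inventory, not real hosts.
  sample = [
    ["web-01", "3.1.4", "3.0.1"],
    ["web-02", "3.1.5", "3.0.1"],
    ["ci-01",  "3.0.6", "3.0.1"],
    ["api-01", "3.2.2", "3.0.1"],
    ["api-02", "3.1.4", "3.0.3"],
  ]
  puts "affected per CVE-2024-27280: #{affected_hosts(sample).inspect}"
  puts "this interpreter affected: #{current_runtime_affected?.inspect}"
end
```

The check intentionally matches only the stringio 3.0.1 / Ruby 3.0.0-3.0.6 and 3.1.0-3.1.4 combination the advisory describes; a patched gem release carrying a different version string on an otherwise listed Ruby is therefore not flagged.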
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | ruby | Fixed (3.1.5-r0) |
| Alpaquita Linux | Stream | ruby | Fixed (3.3.1-r0) |
References
- http://seclists.org/fulldisclosure/2025/Sep/53
- http://seclists.org/fulldisclosure/2025/Sep/54
- http://seclists.org/fulldisclosure/2025/Sep/55
- https://hackerone.com/reports/1399856
- https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/XYDHPHEZI7OQXTQKTDZHGZNPIJH7ZV5N/
- https://security.netapp.com/advisory/ntap-20250502-0003/
- https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/