FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-uri -- ReDoS vulnerability

Affected packages
2.7.0,1 <= ruby < 2.7.8,1
3.0.0,1 <= ruby < 3.0.6,1
3.1.0,1 <= ruby < 3.1.4,1
3.2.0.p1,1 <= ruby < 3.2.2,1
2.7.0,1 <= ruby27 < 2.7.8,1
3.0.0,1 <= ruby30 < 3.0.6,1
3.1.0,1 <= ruby31 < 3.1.4,1
3.2.0.p1,1 <= ruby32 < 3.2.2,1
rubygem-uri < 0.12.1
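The following Ruby script is an added example, not part of this VuXML entry or of the ruby/uri project. It compares a Ruby interpreter version and a uri gem version against the affected ranges listed above, so a version string copied from `pkg info` or from a running interpreter can be checked directly. It assumes that the FreeBSD port bounds correspond to the upstream versions once the PORTEPOCH suffix (",1") and the port patch-level suffix (".p1") are removed; the helper names `upstream_version`, `ruby_affected?` and `uri_gem_affected?` are its own.

```ruby
# Added example (not from the VuXML entry or the ruby/uri project):
# checks a Ruby version and a uri gem version against the affected
# ranges given in this advisory (CVE-2023-28755).
require "rubygems" # Gem::Version

# Upstream Ruby ranges taken from the advisory. The FreeBSD port versions
# carry a PORTEPOCH (",1") and, for the 3.2 branch, a port patch-level
# suffix (".p1"); assumption: the port version 3.2.0.p1 corresponds to
# upstream 3.2.0, so each range below is the half-open interval [lo, hi).
AFFECTED_RUBY_RANGES = [
  ["2.7.0", "2.7.8"],
  ["3.0.0", "3.0.6"],
  ["3.1.0", "3.1.4"],
  ["3.2.0", "3.2.2"],
].map { |lo, hi| [Gem::Version.new(lo), Gem::Version.new(hi)] }.freeze

# First fixed release of the uri gem according to this advisory.
URI_GEM_FIXED = Gem::Version.new("0.12.1")

# Strip FreeBSD pkg decorations ("3.2.0.p1,1" -> "3.2.0.p1" -> "3.2.0")
# so that a string copied from `pkg info` compares as an upstream version.
def upstream_version(pkg_version)
  v = pkg_version.strip.sub(/,\d+\z/, "") # drop PORTEPOCH
  v = v.sub(/\.p\d+\z/, "")               # drop port patch level (assumption)
  Gem::Version.new(v)
end

# true when the interpreter version falls inside one of the listed ranges
def ruby_affected?(version)
  v = upstream_version(version)
  AFFECTED_RUBY_RANGES.any? { |lo, hi| v >= lo && v < hi }
end

# true when the uri gem is older than the fixed release 0.12.1
def uri_gem_affected?(version)
  upstream_version(version) < URI_GEM_FIXED
end

if $PROGRAM_NAME == __FILE__
  require "uri"
  ruby_state = ruby_affected?(RUBY_VERSION) ? "in an affected range" : "not in a listed range"
  puts "ruby #{RUBY_VERSION}: #{ruby_state}"
  if defined?(URI::VERSION)
    gem_state = uri_gem_affected?(URI::VERSION) ? "older than 0.12.1" : "fixed"
    puts "uri gem #{URI::VERSION}: #{gem_state}"
  end
end
```

The uri gem version is the decisive one: a Ruby interpreter inside an affected range whose bundled uri gem has been upgraded to 0.12.1 or later no longer ships the vulnerable parser, while an interpreter outside the listed ranges says nothing about a separately installed older rubygem-uri. On Ruby 3.2 and later, `Regexp.timeout=` can additionally cap the time any regular expression may run, which bounds the impact of this class of ReDoS even before the gem is updated.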

Details

VuXML ID 9b60bba1-cf18-11ed-bd44-080027f5fec9
Discovery 2023-03-28
Entry 2023-03-30

Dominic Couture reports:

A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects.

References

CVE Name CVE-2023-28755
URL https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/