CVE-2024-27280

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27280

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27280.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-27280

Aliases

GHSA-v5h6-c2hv-hv3r

Downstream

ALPINE-CVE-2024-27280

BELL-CVE-2024-27280

DEBIAN-CVE-2024-27280

DLA-3858-1

DSA-5677-1

OESA-2024-1433

RHSA-2024:3500

RHSA-2024:3546

RHSA-2024:3668

RHSA-2024:3670

RHSA-2024:3671

RHSA-2024:3838

RHSA-2024:4499

RLSA-2024:3668

RLSA-2024:3671

UBUNTU-CVE-2024-27280

USN-6853-1

USN-7734-1

Related

Published

2024-05-14T15:11:56Z

Modified

2025-05-30T18:00:04Z

Summary

[none]

Details

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2.

References

Affected packages