OSV-2023-322

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-322

Published

2023-04-17T14:02:30.767106Z

Modified

2023-04-17T14:02:30.767357Z

Summary

Use-after-poison in str_new_frozen_buffer

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58079

Crash type: Use-after-poison READ 8
Crash state:
str_new_frozen_buffer
fstr_update_callback
rb_st_update

References

Affected packages

Type: GIT
Repo: https://github.com/ruby/ruby.git
Events: Introduced

19aa30d5d515cd602211d4708e709913d5a136e1

Fixed

628e432739e1d2578d357420aa652a97eb8c2649

{
    "severity": "HIGH"
}

fixed_range

"d8a6db7292e8c92540f3dd2c939508ca1dd8cc41:628e432739e1d2578d357420aa652a97eb8c2649"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ruby/OSV-2023-322.yaml"

introduced_range

"34f484d233e8417588e2c1f7733b483597603cfc:29e01c6f5f8901bdaab818dfd4699cfa2a86b8e6"