OSV-2023-322

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ruby/OSV-2023-322.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-322

Published

2023-04-17T14:02:30.767106Z

Modified

2023-04-17T14:02:30.767357Z

Summary

Use-after-poison in str_new_frozen_buffer

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58079

Crash type: Use-after-poison READ 8
Crash state:
str_new_frozen_buffer
fstr_update_callback
rb_st_update

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58079

Affected packages

OSS-Fuzz / ruby

Package

Name: ruby
Purl: pkg:generic/ruby

Affected ranges

Type: GIT
Repo: https://github.com/ruby/ruby.git
Events: Introduced

19aa30d5d515cd602211d4708e709913d5a136e1

Fixed

628e432739e1d2578d357420aa652a97eb8c2649

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "introduced_range": "34f484d233e8417588e2c1f7733b483597603cfc:29e01c6f5f8901bdaab818dfd4699cfa2a86b8e6",
    "fixed_range": "d8a6db7292e8c92540f3dd2c939508ca1dd8cc41:628e432739e1d2578d357420aa652a97eb8c2649"
}