Opened 7 months ago
Closed 7 months ago
#20317 closed enhancement (fixed)
ruby-3.3.5
Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | elevated | Milestone: | 12.3 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (3)
comment:1 by , 7 months ago
Owner: | changed from | to
---|---|
Priority: | normal → elevated |
Status: | new → assigned |
comment:2 by , 7 months ago
Release notes:
What's Changed
- retry on cancelling of getaddrinfo by ko1 · Pull Request #11131
- Bug #20633: compile error at vm_insnhelper.c when HAVE_DECL_ATOMIC_SIGNAL_FENCE is 0
- Bug #20641: lib/bundled_gems.rb makes Kernel.require over 100x slower
- Bug #20650: Memory leak in Regexp capture group when timeout
- Bug #20088: Ruby 3.3.0 does not cross-compile on arm64-darwin
- Bug #20653: Memory leak in String#start_with? when regexp times out
- Bug #20654: Floor and ceil have unexpected behaviour when ndigits is large
- Update RubyGems 3.5.16 and Bundler 2.5.16 for Ruby 3.3 by hsbt · Pull Request #11252
- Bug #20668: [3.3] shareable_constant_value: literal crash
- Backport warning feature for bundled gems from master by hsbt · Pull Request #11420
- Bug #20688: Use-after-free in WeakMap and WeakKeyMap
- Bug #20691: Use-after-free in WeakKeyMap#clear
- Merge URI-0.13.1 for Ruby 3.3 by hsbt · Pull Request #11466
- Bug #20667: Backport REXML CVE fixes
- Bug #20651: false && (1 in 1) produces argument stack underflow (-1)
- Bug #20649: Ripper fails to tokenize def f; (x)::A =
- Bug #20344: argument stack underflow (-1)
- Bug #20701: Hash argument passed as keyword splat can be mutated inside method
There are four security fixes here - CVE-2024-39908, CVE-2024-41123, CVE-2024-41946, and CVE-2024-43398.
CVE-2024-39908
CVE-2024-39908: DoS vulnerability in REXML

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.

Details: When it parses an XML that has many specific characters such as <, 0 and %>, REXML gem may take a long time. Please update REXML gem to version 3.3.2 or later.

Affected versions: REXML gem 3.3.1 or prior

Credits: Thanks to mprogrammer for discovering this issue.

History: Originally published at 2024-07-16 03:00:00 (UTC)
CVE-2024-41123
CVE-2024-41123: DoS vulnerabilities in REXML

There are some DoS vulnerabilities in REXML gem. These vulnerabilities have been assigned the CVE identifier CVE-2024-41123. We strongly recommend upgrading the REXML gem.

Details: When parsing an XML document that has many specific characters such as whitespace character, >] and ]>, REXML gem may take a long time. Please update REXML gem to version 3.3.3 or later.

Affected versions: REXML gem 3.3.2 or prior

Credits: Thanks to mprogrammer and scyoon for discovering these issues.

History: Originally published at 2024-08-01 03:00:00 (UTC)
CVE-2024-41946
CVE-2024-41946: DoS vulnerability in REXML

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-41946. We strongly recommend upgrading the REXML gem.

Details: When parsing an XML that has many entity expansions with SAX2 or pull parser API, REXML gem may take a long time. Please update REXML gem to version 3.3.3 or later.

Affected versions: REXML gem 3.3.2 or prior

Credits: Thanks to NAITOH Jun for discovering and fixing this issue.

History: Originally published at 2024-08-01 03:00:00 (UTC)
CVE-2024-43398
CVE-2024-43398: DoS vulnerability in REXML

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-43398. We strongly recommend upgrading the REXML gem.

Details: When parsing an XML that has many deep elements that have same local name attributes, REXML gem may take a long time. It's only affected with the tree parser API. If you're using REXML::Document.new to parse an XML, you may be affected. Please update REXML gem to version 3.3.6 or later.

Affected versions: REXML gem 3.3.5 or prior

Credits: Thanks to l33thaxor for discovering this issue.

History: Originally published at 2024-08-22 03:00:00 (UTC)
comment:3 by , 7 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at a63b21ef98005fd07fff599ab1adbca0d6327b8a
SA-12.2-003 issued
The changes for the REXML vulnerabilities were finally backported to 3.3.x - it appears that the update to that gem was missed for 3.2/3.3, but was done for 3.0/3.1.
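A version audit for the four REXML advisories quoted in comment:2, as an added example that is not part of the original ticket or of Ruby's or REXML's own code. The helper names are hypothetical; the fixed-in versions are the ones the advisories state.

```ruby
require "rubygems"

# Fixed-in versions exactly as stated in the advisories quoted in comment:2.
REXML_FIXES = {
  "CVE-2024-39908" => "3.3.2",
  "CVE-2024-41123" => "3.3.3",
  "CVE-2024-41946" => "3.3.3",
  "CVE-2024-43398" => "3.3.6",
}.transform_values { |v| Gem::Version.new(v) }.freeze

# CVEs from the table above that a given REXML version has not yet fixed.
def unfixed_cves(version)
  v = Gem::Version.new(version.to_s)
  REXML_FIXES.select { |_cve, fixed| v < fixed }.keys
end

# Every REXML copy RubyGems can see for this interpreter. An old copy left
# beside a new one can still be selected by a version pin, so each installed
# version is reported, not only the newest. Under Bundler only the bundle's
# gems are visible.
def installed_rexml_versions
  Gem::Specification.find_all_by_name("rexml").map(&:version).uniq.sort
end

# Map each version string to the CVEs it is still exposed to.
# Defaults to the versions installed for the running interpreter.
def audit_rexml(versions = installed_rexml_versions)
  versions.to_h { |v| [v.to_s, unfixed_cves(v)] }
end

# Human-readable report lines for an audit result.
def report_lines(audit)
  return ["no rexml gem visible to RubyGems"] if audit.empty?
  audit.map do |version, cves|
    status = cves.empty? ? "ok" : "needs update: #{cves.join(', ')}"
    "rexml #{version}: #{status}"
  end
end

puts report_lines(audit_rexml)
```

Run it with the interpreter being checked, since each Ruby installation carries its own copy of the bundled gem.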