SPECIAL TOPICS
  1. You are here:Home
  2. Articles
  3. cve-2024-27280-buffer-overread-vulnerability-in-stringio

CVE-2024-27280: Buffer overread vulnerability in StringIO

  • 21/03/2024
  • 320

We have released the StringIO gem version 3.0.1.1 and 3.0.1.2 that have a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280.DetailsAn issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.This vulnerability is not affected StringIO 3.0.3 and later, and Ruby 3.2.x and later.
CVE-2024-27280: Buffer overread vulnerability in StringIO #ruby #rubydeveloper #rubyonrails #vulnerability https://www.rubyonrails.ba/single/cve-2024-27280-buffer-overread-vulnerability-in-stringio

RubyOnRails.BA

If you think that this shoudn't be here on the site, please contact us and we will remove it.

Read more
previous article

Test X by Controlling X

share this post
  • linkedin rubyonrails.ba
  • twitter rubyonrails.ba
  • facebook rubyonrails.ba
next article

Speeding up Initial Rendering of Rails Pages with render_async.

quiz.rubyonrails.ba
blog.rubyonrails.ba
Nezir Zahirovic

Contractor Ruby On Rails (8+ years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)

related articles

Popular Post