{"id":"CVE-2022-28738","details":"A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.","aliases":["BIT-ruby-2022-28738","BIT-ruby-min-2022-28738"],"modified":"2026-04-16T04:38:49.260494830Z","published":"2022-05-09T18:15:08.490Z","related":["ALSA-2022:6450","ALSA-2022:6585","openSUSE-SU-2024:12006-1","openSUSE-SU-2024:12712-1","openSUSE-SU-2024:13623-1","openSUSE-SU-2025:14621-1","openSUSE-SU-2025:15819-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-27"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220624-0002/"},{"type":"ADVISORY","url":"https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/"},{"type":"REPORT","url":"https://hackerone.com/reports/1220911"},{"type":"FIX","url":"https://security-tracker.debian.org/tracker/CVE-2022-28738"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruby/ruby","events":[{"introduced":"95aff214687a5e12c3eb57d056665741e734c188"},{"fixed":"3fa771ddedac25560be57f4055f1767e6c810f58"},{"introduced":"fb4df44d1670e9d25aef6b235a7281199a177edb"},{"fixed":"4491bb740a9506d76391ac44bb2fe6e483fec952"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.0.4"},{"introduced":"3.1.0"},{"fixed":"3.1.2"}]}}],"versions":["v3_0_0","v3_0_1","v3_0_2","v3_0_3","v3_1_0","v3_1_1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T23:14:46Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28738.json","vanir_signatures":[{"id":"CVE-2022-28738-6a62c92b","signature_type":"Function","source":"https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58","signature_version":"v1","digest":{"length":8488,"function_hash":"328864874327574063403775378011327146659"},"target":{"file":"missing/dtoa.c","function":"strtod"},"deprecated":false},{"id":"CVE-2022-28738-d67435c3","signature_type":"Line","source":"https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["337285692131683350587106124606194849187","171125667734974039822063106046701353862","315160000533057727845661241951943922131","27247823211488908491542581188290566144","268560890618114141161195735339343855241","321395545576834868767584132304880323141","12924114540111067235220886822648996878","18815063887966383786580032668437598724"]},"deprecated":false,"target":{"file":"missing/dtoa.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}