{"id":"CVE-2022-28739","details":"There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.","aliases":["BIT-ruby-2022-28739","BIT-ruby-min-2022-28739"],"modified":"2026-04-16T04:32:48.260306211Z","published":"2022-05-09T18:15:08.540Z","related":["ALSA-2022:6447","ALSA-2022:6450","ALSA-2022:6585","ALSA-2023:7025","SUSE-SU-2022:1512-1","openSUSE-SU-2024:12006-1","openSUSE-SU-2024:12712-1","openSUSE-SU-2024:13623-1","openSUSE-SU-2025:14621-1","openSUSE-SU-2025:15819-1"],"references":[{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Oct/29"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Oct/42"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Oct/30"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Oct/28"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/Oct/41"},{"type":"ADVISORY","url":"https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2022-28739"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-27"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT213493"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT213494"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220624-0002/"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT213488"},{"type":"REPORT","url":"https://hackerone.com/reports/1248108"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruby/ruby","events":[{"introduced":"0"},{"fixed":"7b4ea5bb73df1524444f2f61ab5d32e30e94b6f2"},{"introduced":"647ee6f091eafcce70ffb75ddf7e121e192ab217"},{"fixed":"c9c2245c0a25176072e02db9254f0e0c84c805cd"},{"introduced":"95aff214687a5e12c3eb57d056665741e734c188"},{"fixed":"3fa771ddedac25560be57f4055f1767e6c810f58"},{"introduced":"fb4df44d1670e9d25aef6b235a7281199a177edb"},{"fixed":"4491bb740a9506d76391ac44bb2fe6e483fec952"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.6.10"},{"introduced":"2.7.0"},{"fixed":"2.7.6"},{"introduced":"3.0.0"},{"fixed":"3.0.4"},{"introduced":"3.1.0"},{"fixed":"3.1.2"}]}}],"versions":["v1_0_r2","v2_7_0","v2_7_1","v2_7_2","v2_7_3","v2_7_4","v2_7_5","v3_0_0","v3_0_1","v3_0_2","v3_0_3","v3_1_0","v3_1_1"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"328864874327574063403775378011327146659","length":8488},"signature_version":"v1","source":"https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58","target":{"function":"strtod","file":"missing/dtoa.c"},"signature_type":"Function","id":"CVE-2022-28739-6a62c92b","deprecated":false},{"digest":{"function_hash":"328864874327574063403775378011327146659","length":8488},"signature_version":"v1","source":"https://github.com/ruby/ruby/commit/c9c2245c0a25176072e02db9254f0e0c84c805cd","signature_type":"Function","deprecated":false,"id":"CVE-2022-28739-9881b371","target":{"function":"strtod","file":"missing/dtoa.c"}},{"digest":{"line_hashes":["337285692131683350587106124606194849187","171125667734974039822063106046701353862","315160000533057727845661241951943922131","27247823211488908491542581188290566144","268560890618114141161195735339343855241","321395545576834868767584132304880323141","12924114540111067235220886822648996878","18815063887966383786580032668437598724"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruby/ruby/commit/c9c2245c0a25176072e02db9254f0e0c84c805cd","target":{"file":"missing/dtoa.c"},"signature_type":"Line","id":"CVE-2022-28739-cd9ec724","deprecated":false},{"digest":{"line_hashes":["337285692131683350587106124606194849187","171125667734974039822063106046701353862","315160000533057727845661241951943922131","27247823211488908491542581188290566144","268560890618114141161195735339343855241","321395545576834868767584132304880323141","12924114540111067235220886822648996878","18815063887966383786580032668437598724"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58","signature_type":"Line","deprecated":false,"id":"CVE-2022-28739-d67435c3","target":{"file":"missing/dtoa.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28739.json","vanir_signatures_modified":"2026-04-11T23:14:46Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"11.0"},{"fixed":"11.7.1"}]},{"events":[{"introduced":"12.0"},{"fixed":"12.6.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}