{"id":"CVE-2024-27280","details":"A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2.","aliases":["GHSA-v5h6-c2hv-hv3r"],"modified":"2026-02-05T00:28:55.357647Z","published":"2024-05-14T15:11:56Z","related":["ALSA-2024:3500","ALSA-2024:3546","ALSA-2024:3668","ALSA-2024:3670","ALSA-2024:3671","ALSA-2024:3838","ALSA-2024:4499","CGA-g58q-g5rj-3hpg","MGASA-2024-0160","RLSA-2024:3546"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250502-0003/"},{"type":"WEB","url":"https://hackerone.com/reports/1399856"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/"}],"schema_version":"1.7.3"}