{"id":"USN-7735-1","summary":"rubygems vulnerabilities","details":"It was discovered that RubyGems incorrectly handled certain regular\nexpressions. An attacker could use this issue to cause RubyGems to crash,\nresulting in a denial of service. This issue only affected Ubuntu 22.04\nLTS. (CVE-2023-28755)\n\nIt was discovered that RubyGems incorrectly handled decompressed domain\nnames within a DNS packet. An attacker could use this issue to cause\nRubyGems to crash, resulting in a denial of service. This issue only\naffected Ubuntu 25.04. (CVE-2025-24294)","modified":"2026-04-24T10:05:07.576628Z","published":"2025-09-03T12:43:45Z","related":["UBUNTU-CVE-2023-28755","UBUNTU-CVE-2025-24294"],"upstream":["CVE-2023-28755","CVE-2025-24294","UBUNTU-CVE-2023-28755","UBUNTU-CVE-2025-24294"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7735-1"}],"affected":[{"package":{"name":"rubygems","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/rubygems@3.3.5-2ubuntu1.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.5-2ubuntu1.1"}]}],"versions":["3.2.5-2","3.2.27-2","3.2.27-3","3.3.5-2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.3.5-2ubuntu1.1","binary_name":"bundler"},{"binary_version":"2.3.5-2ubuntu1.1","binary_name":"ruby-bundler"},{"binary_version":"3.3.5-2ubuntu1.1","binary_name":"ruby-rubygems"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7735-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]}}}],"schema_version":"1.7.5"}