5.3

CVE-2023-28755

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langUri SwPlatformruby Version <= 0.10.0
Ruby-langUri Version0.10.1 SwPlatformruby
Ruby-langUri Version0.11.0 SwPlatformruby
Ruby-langUri Version0.12.0 SwPlatformruby
DebianDebian Linux Version10.0
FedoraprojectFedora Version36
FedoraprojectFedora Version37
FedoraprojectFedora Version38
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.64% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202401-27
https://github.com/ruby/uri/releases/
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/
https://security.netapp.com/advisory/ntap-20230526-0003/
Third Party Advisory
https://www.ruby-lang.org/en/downloads/releases/
Release Notes
https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/
Release Notes
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF/