{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-27280", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-13T15:47:15.288Z", "datePublished": "2024-05-08T20:51:20.388Z", "dateReserved": "2024-02-22T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-08T20:51:20.724Z"}, "descriptions": [{"lang": "en", "value": "A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://hackerone.com/reports/1399856"}, {"url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27280", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-09T18:08:05.682025Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ruby-lang:ruby:-:*:*:*:*:*:*:*"], "vendor": "ruby-lang", "product": "ruby", "versions": [{"status": "affected", "version": "3.0.3", "versionType": "custom", "lessThanOrEqual": "3.0.6"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:36.722Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.862Z"}, "title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1399856", "tags": ["x_transferred"]}, {"url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1399856", "tags": ["x_transferred"]}, {"url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.862Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27280", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-09T18:08:05.682025Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ruby-lang:ruby:-:*:*:*:*:*:*:*"], "vendor": "ruby-lang", "product": "ruby", "versions": [{"status": "affected", "version": "3.0.3", "versionType": "custom", "lessThanOrEqual": "3.0.6"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-09T18:04:48.719Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://hackerone.com/reports/1399856"}, {"url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/"}], "descriptions": [{"lang": "en", "value": "A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-08T20:51:20.724Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27280", "state": "PUBLISHED", "dateUpdated": "2025-02-13T15:47:15.288Z", "dateReserved": "2024-02-22T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-08T20:51:20.388Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de sobrelectura del b\u00fafer en StringIO 3.0.1, distribuido en Ruby 3.0.x hasta 3.0.6 y 3.1.x hasta 3.1.4. Los m\u00e9todos ungetbyte y ungetc en StringIO pueden leer m\u00e1s all\u00e1 del final de una cadena, y una llamada posterior a StringIO.gets puede devolver el valor de la memoria. 3.0.3 es la versi\u00f3n fija principal; sin embargo, para los usuarios de Ruby 3.0, una versi\u00f3n fija es stringio 3.0.1.1, y para los usuarios de Ruby 3.1, una versi\u00f3n fija es stringio 3.0.1.2."}], "id": "CVE-2024-27280", "lastModified": "2024-11-21T09:04:13.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-14T15:11:56.940", "references": [{"source": "cve@mitre.org", "url": "https://hackerone.com/reports/1399856"}, {"source": "cve@mitre.org", "url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hackerone.com/reports/1399856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3500", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ruby:3.0-8100020240522072634.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:3546", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ruby:3.1-8100020240510101534.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3670", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ruby:3.3-8100020240522151542.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-06T00:00:00Z"}, {"advisory": "RHSA-2024:4499", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ruby:2.5-8100020240627152904.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-11T00:00:00Z"}, {"advisory": "RHSA-2024:3668", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ruby:3.1-9040020240503183840.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-06T00:00:00Z"}, {"advisory": "RHSA-2024:3671", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ruby:3.3-9040020240522171337.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-06T00:00:00Z"}, {"advisory": "RHSA-2024:3838", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ruby-0:3.0.7-162.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}], "bugzilla": {"description": "ruby: Buffer overread vulnerability in StringIO", "id": "2270750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270750"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-126", "details": ["A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2.", "A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27280", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "puppet-memcached", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Not affected", "package_name": "puppet-memcached", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite-installer", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "ruby", "product_name": "Red Hat Storage 3"}], "public_date": "2024-03-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27280\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27280\nhttps://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/"], "threat_severity": "Moderate", "upstream_fix": "stringio 3.0.1.1, stringio 3.0.1.2"}