=====================================================================

                                 CERT-Renater

                      Note d'Information No. 2024/VULN143
_____________________________________________________________________

DATE                : 26/03/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running StringIO gem versions prior to
                                       3.0.3.

=====================================================================
https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
_____________________________________________________________________


CVE-2024-27280: Buffer overread vulnerability in StringIO

Posted by hsbt on 21 Mar 2024

We have released the StringIO gem version 3.0.1.1 and 3.0.1.2 that
have a security fix for a buffer overread vulnerability. This
vulnerability has been assigned the CVE identifier CVE-2024-27280.


Details

An issue was discovered in StringIO 3.0.1, as distributed in Ruby
3.0.x through 3.0.6 and 3.1.x through 3.1.4.

The ungetbyte and ungetc methods on a StringIO can read past the
end of a string, and a subsequent call to StringIO.gets may return
the memory value.

This vulnerability is not affected StringIO 3.0.3 and later, and
Ruby 3.2.x and later.


Recommended action

We recommend to update the StringIO gem to version 3.0.3 or later.
In order to ensure compatibility with bundled version in older Ruby
series, you may update as follows instead:

     For Ruby 3.0 users: Update to stringio 3.0.1.1
     For Ruby 3.1 users: Update to stringio 3.0.1.2

Note: that StringIO 3.0.1.2 contains not only the fix for this
vulnerability but also a bugfix for [Bug #19389].

You can use gem update stringio to update it. If you are using
bundler, please add gem "stringio", ">= 3.0.1.2" to your Gemfile.


Affected versions

     Ruby 3.0.6 or lower
     Ruby 3.1.4 or lower
     StringIO gem 3.0.2 or lower


Credits

Thanks to david_h1 for discovering this issue.


History

     Originally published at 2024-03-21 4:00:00 (UTC)


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================