{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-28739","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-11-04T16:09:44.276Z","dateReserved":"2022-04-06T00:00:00.000Z","datePublished":"2022-05-09T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2024-01-24T05:06:24.719Z"},"descriptions":[{"lang":"en","value":"There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://hackerone.com/reports/1248108"},{"url":"https://security-tracker.debian.org/tracker/CVE-2022-28739"},{"url":"https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"},{"url":"https://security.netapp.com/advisory/ntap-20220624-0002/"},{"url":"https://support.apple.com/kb/HT213488"},{"url":"https://support.apple.com/kb/HT213494"},{"url":"https://support.apple.com/kb/HT213493"},{"name":"20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Oct/41"},{"name":"20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Oct/28"},{"name":"20221030 APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Oct/30"},{"name":"20221030 APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Oct/29"},{"name":"20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Oct/42"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html"},{"url":"https://security.gentoo.org/glsa/202401-27"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://hackerone.com/reports/1248108","tags":["x_transferred"]},{"url":"https://security-tracker.debian.org/tracker/CVE-2022-28739","tags":["x_transferred"]},{"url":"https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20220624-0002/","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT213488","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT213494","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT213493","tags":["x_transferred"]},{"name":"20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Oct/41"},{"name":"20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Oct/28"},{"name":"20221030 APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Oct/30"},{"name":"20221030 APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Oct/29"},{"name":"20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Oct/42"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html","tags":["x_transferred"]},{"url":"https://security.gentoo.org/glsa/202401-27","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T16:09:44.276Z"}}]}}