Commit 5b39cf5

Translate "CVE-2022-28738: Double free in Regexp compilation"
1 parent fe1832a commit 5b39cf5

1 file changed: 18 additions and 18 deletions

@@ -1,35 +1,35 @@
11
---
22
layout: news_post
3-
title: "CVE-2022-28738: Double free in Regexp compilation"
3+
title: "CVE-2022-28738: ์ •๊ทœํ‘œํ˜„์‹ ์ปดํŒŒ์ผ์—์„œ์˜ ์ค‘๋ณต ํ• ๋‹น ํ•ด์ œ"
44
author: "mame"
5-
translator:
5+
translator: "shia"
66
date: 2022-04-12 12:00:00 +0000
77
tags: security
8-
lang: en
8+
lang: ko
99
---
1010

11-
A double-free vulnerability is discovered in Regexp compilation.
12-
This vulnerability has been assigned the CVE identifier [CVE-2022-28738](https://nvd.nist.gov/vuln/detail/CVE-2022-28738).
13-
We strongly recommend upgrading Ruby.
11+
์ •๊ทœํ‘œํ˜„์‹ ์ปดํŒŒ์ผ ์ค‘์— ์ค‘๋ณต ํ• ๋‹น ํ•ด์ œ ์ทจ์•ฝ์ ์ด ๋ฐœ๊ฒฌ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.
12+
์ด ์ทจ์•ฝ์ ์€ CVE ๋ฒˆํ˜ธ [CVE-2022-28738](https://nvd.nist.gov/vuln/detail/CVE-2022-28738)๋กœ ๋“ฑ๋ก๋˜์—ˆ์Šต๋‹ˆ๋‹ค.
13+
Ruby๋ฅผ ๊ฐฑ์‹ ํ•˜๋Š” ๊ฒƒ์„ ๊ฐ•๋ ฅํžˆ ๊ถŒ์žฅํ•ฉ๋‹ˆ๋‹ค.
1414

15-
## Details
15+
## ์„ธ๋ถ€ ๋‚ด์šฉ
1616

17-
Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability.
18-
Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.
17+
์ •๊ทœํ‘œํ˜„์‹ ์ปดํŒŒ์ผ ์ฒ˜๋ฆฌ์˜ ๋ฒ„๊ทธ๋กœ ์ธํ•ด, ํŠน์ • ์กฐ๊ฑด์„ ๋งŒ์กฑํ•˜๋Š” ๋ฌธ์ž์—ด์„ ์‚ฌ์šฉํ•ด Regexp ๊ฐ์ฒด๋ฅผ ์ƒ์„ฑํ•˜๋ฉด ๊ฐ™์€ ๋ฉ”๋ชจ๋ฆฌ๋ฅผ ๋‘ ๋ฒˆ ํ• ๋‹น ํ•ด์ œํ•  ๊ฐ€๋Šฅ์„ฑ์ด ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๋Š” "์ค‘๋ณต ํ• ๋‹น ํ•ด์ œ" ์ทจ์•ฝ์ ์œผ๋กœ ์•Œ๋ ค์ ธ ์žˆ์Šต๋‹ˆ๋‹ค.
18+
์ผ๋ฐ˜์ ์œผ๋กœ๋Š” ์‹ ๋ขฐํ•  ์ˆ˜ ์—†๋Š” ์ž…๋ ฅ์œผ๋กœ๋ถ€ํ„ฐ ์ •๊ทœํ‘œํ˜„์‹์„ ์ƒ์„ฑํ•˜๋Š” ๊ฒƒ์€ ์•ˆ์ „ํ•˜์ง€ ์•Š๋‹ค๊ณ  ์—ฌ๊ฒจ์ง‘๋‹ˆ๋‹ค. ํ•˜์ง€๋งŒ ์ด๋ฒˆ ๋ฌธ์ œ์˜ ๊ฒฝ์šฐ ์ข…ํ•ฉ์ ์œผ๋กœ ํŒ๋‹จํ•œ ๊ฒฐ๊ณผ, ์ทจ์•ฝ์ ์œผ๋กœ์„œ ์ทจ๊ธ‰ํ•˜๊ธฐ๋กœ ํ–ˆ์Šต๋‹ˆ๋‹ค.
1919

20-
Please update Ruby to 3.0.4, or 3.1.2.
20+
Ruby๋ฅผ 3.0.4, or 3.1.2๋กœ ๊ฐฑ์‹ ํ•ด ์ฃผ์„ธ์š”.
2121

22-
## Affected versions
22+
## ํ•ด๋‹น ๋ฒ„์ „
2323

24-
* ruby 3.0.3 or prior
25-
* ruby 3.1.1 or prior
24+
* Ruby 3.0.3 ์ดํ•˜
25+
* Ruby 3.1.1 ์ดํ•˜
2626

27-
Note that ruby 2.6 series and 2.7 series are not affected.
27+
Ruby 2.6๊ณผ 2.7์€ ์˜ํ–ฅ์„ ๋ฐ›์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
2828

29-
## Credits
29+
## ๋„์›€์„ ์ค€ ์‚ฌ๋žŒ
3030

31-
Thanks to [piao](https://hackerone.com/piao?type=user) for discovering this issue.
31+
์ด ๋ฌธ์ œ๋ฅผ ๋ฐœ๊ฒฌํ•ด ์ค€ [piao](https://hackerone.com/piao?type=user)์—๊ฒŒ ๊ฐ์‚ฌ๋ฅผ ํ‘œํ•ฉ๋‹ˆ๋‹ค.
3232

33-
## History
33+
## ์ˆ˜์ • ์ด๋ ฅ
3434

35-
* Originally published at 2022-04-12 12:00:00 (UTC)
35+
* 2022-04-12 12:00:00 (UTC) ์ตœ์ดˆ ๊ณต๊ฐœ
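
Review bot: the added line 20 (the upgrade instruction) still carries the English conjunction from the source sentence, "3.0.4, or 3.1.2", inside an otherwise Korean sentence. Replace ", or" with the Korean equivalent and keep both version numbers unchanged, since this is the line readers act on when choosing a fixed release. The rest of the front matter (translator and lang) is filled in consistently with the translation.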
