Vulnerability-Lookup

CVE-2026-27820 (GCVE-0-2026-27820)

Vulnerability from cvelistv5 – Published: 2026-04-16 17:27 – Updated: 2026-04-16 18:20

Title

zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

Summary

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Severity ?

1.7 (Low)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-131 - Incorrect Calculation of Buffer Size

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	ruby	zlib	Affected: < 3.0.1 Affected: >= 3.1.0, < 3.1.2 Affected: >= 3.2.0, < 3.2.3

FKIE_CVE-2026-27820

Vulnerability from fkie_nvd - Published: 2026-04-16 18:16 - Updated: 2026-04-16 18:16

Severity ?

1.7 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w
	security-advisories@github.com	https://hackerone.com/reports/3467067

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3."
    }
  ],
  "id": "CVE-2026-27820",
  "lastModified": "2026-04-16T18:16:44.770",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 1.7,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-16T18:16:44.770",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://hackerone.com/reports/3467067"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        },
        {
          "lang": "en",
          "value": "CWE-131"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-G857-HHFV-J68W

Vulnerability from github – Published: 2026-04-16 20:40 – Updated: 2026-04-16 20:40

Summary

Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

Details

A buffer overflow vulnerability exists in Zlib::GzipReader.

The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity.

Recommended action

We recommend to update the zlib gem to version 3.2.3 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead:

For Ruby 3.2 users: Update to zlib 3.0.1
For Ruby 3.3 users: Update to zlib 3.1.2

You can use gem update zlib to update it. If you are using bundler, please add gem "zlib", ">= 3.2.3" to your Gemfile.

Affected versions

zlib gem 3.2.2 or lower

Credits

calysteon

References

https://hackerone.com/reports/3467067

Severity ?

5.9 (Medium)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "zlib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "zlib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "zlib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27820"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T20:40:54Z",
    "nvd_published_at": "2026-04-16T18:16:44Z",
    "severity": "MODERATE"
  },
  "details": "### Details\n\nA buffer overflow vulnerability exists in `Zlib::GzipReader`.\n\nThe `zstream_buffer_ungets` function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity.\n\n### Recommended action\n\nWe recommend to update the `zlib` gem to version 3.2.3 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead:\n\n* For Ruby 3.2 users: Update to zlib 3.0.1\n* For Ruby 3.3 users: Update to zlib 3.1.2\n\nYou can use gem update zlib to update it. If you are using bundler, please add `gem \"zlib\", \"\u003e= 3.2.3\"` to your Gemfile.\n\n### Affected versions\n\nzlib gem 3.2.2 or lower\n\n### Credits\n\n[calysteon](https://hackerone.com/calysteon)\n\n### References\n\n* https://hackerone.com/reports/3467067",
  "id": "GHSA-g857-hhfv-j68w",
  "modified": "2026-04-16T20:40:54Z",
  "published": "2026-04-16T20:40:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3467067"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ruby/zlib"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml"
    },
    {
      "type": "WEB",
      "url": "https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption"
}

WID-SEC-W-2026-0595

Vulnerability from csaf_certbund - Published: 2026-03-04 23:00 - Updated: 2026-03-26 23:00

Summary

Ruby: Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Ruby ist eine interpretierte, objektorientierte Skriptsprache.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle in Ruby ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2026-27820

References

URL

SUSE-SU-2026:1066-1

Vulnerability from csaf_suse - Published: 2026-03-26 10:38 - Updated: 2026-03-26 10:38

Summary

Security update for ruby2.5

Severity

Important

Notes

Title of the patch: Security update for ruby2.5

Description of the patch: This update for ruby2.5 fixes the following issues: - CVE-2024-49761: ReDoS vulnerability in REXML gem (bsc#1232440 bsc#1232441). - CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations (bsc#1250016). - CVE-2026-27820: insufficient checks in `zstream_buffer_ungets` can lead to a buffer overflow (bsc#1259239).

Patchnames: SUSE-2026-1066,SUSE-SLE-Module-Basesystem-15-SP7-2026-1066

CVE-2024-49761

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-58767

2.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-27820

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-security-upd…	self
	https://bugzilla.suse.com/1232440	self
	https://bugzilla.suse.com/1232441	self
	https://bugzilla.suse.com/1250016	self
	https://bugzilla.suse.com/1259239	self
	https://www.suse.com/security/cve/CVE-2024-49761/	self
	https://www.suse.com/security/cve/CVE-2025-58767/	self
	https://www.suse.com/security/cve/CVE-2026-27820/	self
	https://www.suse.com/security/cve/CVE-2024-49761	external
	https://bugzilla.suse.com/1232440	external
	https://www.suse.com/security/cve/CVE-2025-58767	external
	https://bugzilla.suse.com/1250016	external
	https://www.suse.com/security/cve/CVE-2026-27820	external
	https://bugzilla.suse.com/1259239	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ruby2.5",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ruby2.5 fixes the following issues:\n\n- CVE-2024-49761: ReDoS vulnerability in REXML gem (bsc#1232440 bsc#1232441).\n- CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations (bsc#1250016).\n- CVE-2026-27820: insufficient checks in `zstream_buffer_ungets` can lead to a buffer overflow (bsc#1259239).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1066,SUSE-SLE-Module-Basesystem-15-SP7-2026-1066",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1066-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1066-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261066-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1066-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024943.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232440",
        "url": "https://bugzilla.suse.com/1232440"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232441",
        "url": "https://bugzilla.suse.com/1232441"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1250016",
        "url": "https://bugzilla.suse.com/1250016"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259239",
        "url": "https://bugzilla.suse.com/1259239"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-49761 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-49761/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-58767 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-58767/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-27820 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-27820/"
      }
    ],
    "title": "Security update for ruby2.5",
    "tracking": {
      "current_release_date": "2026-03-26T10:38:44Z",
      "generator": {
        "date": "2026-03-26T10:38:44Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1066-1",
      "initial_release_date": "2026-03-26T10:38:44Z",
      "revision_history": [
        {
          "date": "2026-03-26T10:38:44Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
                "product": {
                  "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
                  "product_id": "libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-2.5.9-150700.24.6.1.aarch64",
                "product": {
                  "name": "ruby2.5-2.5.9-150700.24.6.1.aarch64",
                  "product_id": "ruby2.5-2.5.9-150700.24.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
                "product": {
                  "name": "ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
                  "product_id": "ruby2.5-devel-2.5.9-150700.24.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
                "product": {
                  "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
                  "product_id": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-doc-2.5.9-150700.24.6.1.aarch64",
                "product": {
                  "name": "ruby2.5-doc-2.5.9-150700.24.6.1.aarch64",
                  "product_id": "ruby2.5-doc-2.5.9-150700.24.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
                "product": {
                  "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
                  "product_id": "ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.i586",
                "product": {
                  "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.i586",
                  "product_id": "libruby2_5-2_5-2.5.9-150700.24.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-2.5.9-150700.24.6.1.i586",
                "product": {
                  "name": "ruby2.5-2.5.9-150700.24.6.1.i586",
                  "product_id": "ruby2.5-2.5.9-150700.24.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-2.5.9-150700.24.6.1.i586",
                "product": {
                  "name": "ruby2.5-devel-2.5.9-150700.24.6.1.i586",
                  "product_id": "ruby2.5-devel-2.5.9-150700.24.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.i586",
                "product": {
                  "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.i586",
                  "product_id": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-doc-2.5.9-150700.24.6.1.i586",
                "product": {
                  "name": "ruby2.5-doc-2.5.9-150700.24.6.1.i586",
                  "product_id": "ruby2.5-doc-2.5.9-150700.24.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.i586",
                "product": {
                  "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.i586",
                  "product_id": "ruby2.5-stdlib-2.5.9-150700.24.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby2.5-doc-ri-2.5.9-150700.24.6.1.noarch",
                "product": {
                  "name": "ruby2.5-doc-ri-2.5.9-150700.24.6.1.noarch",
                  "product_id": "ruby2.5-doc-ri-2.5.9-150700.24.6.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
                "product": {
                  "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
                  "product_id": "libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-2.5.9-150700.24.6.1.ppc64le",
                "product": {
                  "name": "ruby2.5-2.5.9-150700.24.6.1.ppc64le",
                  "product_id": "ruby2.5-2.5.9-150700.24.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
                "product": {
                  "name": "ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
                  "product_id": "ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
                "product": {
                  "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
                  "product_id": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-doc-2.5.9-150700.24.6.1.ppc64le",
                "product": {
                  "name": "ruby2.5-doc-2.5.9-150700.24.6.1.ppc64le",
                  "product_id": "ruby2.5-doc-2.5.9-150700.24.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
                "product": {
                  "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
                  "product_id": "ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
                "product": {
                  "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
                  "product_id": "libruby2_5-2_5-2.5.9-150700.24.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-2.5.9-150700.24.6.1.s390x",
                "product": {
                  "name": "ruby2.5-2.5.9-150700.24.6.1.s390x",
                  "product_id": "ruby2.5-2.5.9-150700.24.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
                "product": {
                  "name": "ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
                  "product_id": "ruby2.5-devel-2.5.9-150700.24.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
                "product": {
                  "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
                  "product_id": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-doc-2.5.9-150700.24.6.1.s390x",
                "product": {
                  "name": "ruby2.5-doc-2.5.9-150700.24.6.1.s390x",
                  "product_id": "ruby2.5-doc-2.5.9-150700.24.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
                "product": {
                  "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
                  "product_id": "ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
                "product": {
                  "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
                  "product_id": "libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-2.5.9-150700.24.6.1.x86_64",
                "product": {
                  "name": "ruby2.5-2.5.9-150700.24.6.1.x86_64",
                  "product_id": "ruby2.5-2.5.9-150700.24.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
                "product": {
                  "name": "ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
                  "product_id": "ruby2.5-devel-2.5.9-150700.24.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
                "product": {
                  "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
                  "product_id": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-doc-2.5.9-150700.24.6.1.x86_64",
                "product": {
                  "name": "ruby2.5-doc-2.5.9-150700.24.6.1.x86_64",
                  "product_id": "ruby2.5-doc-2.5.9-150700.24.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64",
                "product": {
                  "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64",
                  "product_id": "ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64"
        },
        "product_reference": "libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le"
        },
        "product_reference": "libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x"
        },
        "product_reference": "libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64"
        },
        "product_reference": "libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-2.5.9-150700.24.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64"
        },
        "product_reference": "ruby2.5-2.5.9-150700.24.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-2.5.9-150700.24.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le"
        },
        "product_reference": "ruby2.5-2.5.9-150700.24.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-2.5.9-150700.24.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x"
        },
        "product_reference": "ruby2.5-2.5.9-150700.24.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-2.5.9-150700.24.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64"
        },
        "product_reference": "ruby2.5-2.5.9-150700.24.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-devel-2.5.9-150700.24.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64"
        },
        "product_reference": "ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le"
        },
        "product_reference": "ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-devel-2.5.9-150700.24.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x"
        },
        "product_reference": "ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-devel-2.5.9-150700.24.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64"
        },
        "product_reference": "ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64"
        },
        "product_reference": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le"
        },
        "product_reference": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x"
        },
        "product_reference": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64"
        },
        "product_reference": "ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64"
        },
        "product_reference": "ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le"
        },
        "product_reference": "ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x"
        },
        "product_reference": "ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
        },
        "product_reference": "ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-49761",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-49761"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between \u0026# and x...; in a hex numeric character reference (\u0026#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-49761",
          "url": "https://www.suse.com/security/cve/CVE-2024-49761"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232440 for CVE-2024-49761",
          "url": "https://bugzilla.suse.com/1232440"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T10:38:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-49761"
    },
    {
      "cve": "CVE-2025-58767",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-58767"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-58767",
          "url": "https://www.suse.com/security/cve/CVE-2025-58767"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250016 for CVE-2025-58767",
          "url": "https://bugzilla.suse.com/1250016"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T10:38:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-58767"
    },
    {
      "cve": "CVE-2026-27820",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-27820"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-27820",
          "url": "https://www.suse.com/security/cve/CVE-2026-27820"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259239 for CVE-2026-27820",
          "url": "https://bugzilla.suse.com/1259239"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.6.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T10:38:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-27820"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-27820 (GCVE-0-2026-27820)

FKIE_CVE-2026-27820

GHSA-G857-HHFV-J68W

Details

Recommended action

Affected versions

Credits

References

WID-SEC-W-2026-0595

SUSE-SU-2026:1066-1

Tags

Sightings

Nomenclature