From 627ecbaab984a940adbf31ed3849ccfb1d857364 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Sat, 23 May 2026 11:09:21 -0400
Subject: [PATCH 1/2] New advisory - see Ruby 4.0.5
---
 rubies/ruby/CVE-2026-46727.yml | 35 ++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 rubies/ruby/CVE-2026-46727.yml
diff --git a/rubies/ruby/CVE-2026-46727.yml b/rubies/ruby/CVE-2026-46727.yml
new file mode 100644
index 0000000000..c1aaf19611
--- /dev/null
+++ b/rubies/ruby/CVE-2026-46727.yml
@@ -0,0 +1,35 @@
+---
+engine: ruby
+cve: 2026-46727
+url: https://nvd.nist.gov/vuln/detail/CVE-2026-46727
+title: CVE-2026-46727 - Use-after-free in pthread-based getaddrinfo timeout handler
+date: 2026-05-20
+description: |
+ ## SUMMARY
+
+ A race condition leading to a use-after-free in the pthread-based
+ getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c)
+ allows a remote attacker who can delay DNS responses near the
+ user-specified timeout to crash a Ruby process that calls
+ Addrinfo.getaddrinfo(..., timeout:) or Socket.tcp(..., resolv_timeout:).
+ Memory-corruption-based exploitation is theoretically possible. The
+ attack could, for example, be carried out through a crafted
+ authoritative DNS server or recursive resolver.
+
+ This vulnerability has been assigned the CVE identifier CVE-2026-46727.
+
+ This issue has been fixed in Ruby 4.0.5. We recommend upgrading Ruby.
+cvss_v3: 8.1
+unaffected_versions:
+ - "<= 3.4"
+patched_versions:
+ - ">= 4.0.5"
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2026-46727
+ - https://www.ruby-lang.org/en/news/2026/05/20/ruby-4-0-5-released
+ - https://github.com/ruby/ruby/releases/tag/v4.0.5
+ - https://www.ruby-lang.org/en/news/2026/05/20/getaddrinfo-cve-2026-46727
+ - https://hackerone.com/reports/3607434
+notes: |
+ - "Ruby 3.4 series and earlier are not affected." in ruby-lang post. 
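Review bot: The first entry under `related.url` repeats the top-level `url` value (the NVD page), so the reference list carries one redundant link; I would drop `- https://nvd.nist.gov/vuln/detail/CVE-2026-46727` from `related.url`. Separately, consider making the ruby-lang.org advisory post the primary `url`, since it is the vendor's own statement of affected and fixed versions that `notes` already quotes. The second point is a preference rather than a correctness issue.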
From 91b08f31d86e2bef490cc755540cbee4adbfd32d Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Sat, 23 May 2026 16:24:04 -0400
Subject: [PATCH 2/2] Update CVE-2026-46727.yml with version changes
---
 rubies/ruby/CVE-2026-46727.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rubies/ruby/CVE-2026-46727.yml b/rubies/ruby/CVE-2026-46727.yml
index c1aaf19611..da4b70730c 100644
--- a/rubies/ruby/CVE-2026-46727.yml
+++ b/rubies/ruby/CVE-2026-46727.yml
@@ -21,7 +21,7 @@ description: |
 This issue has been fixed in Ruby 4.0.5. We recommend upgrading Ruby.
 cvss_v3: 8.1
 unaffected_versions:
- - "<= 3.4"
+ - "< 4.0"
 patched_versions:
 - ">= 4.0.5"
 related:
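Review bot: The new `"< 4.0"` bound in `unaffected_versions` also matches 4.0.0 pre-release builds when a consumer compares with RubyGems version ordering, because a prerelease of 4.0.0 sorts below 4.0. The page only states that the 3.4 series and earlier are unaffected, so anyone still running a 4.0 preview or release candidate would be reported as safe without evidence. If those builds cannot be confirmed clean against the ruby-lang advisory, a bound that excludes prereleases, such as `- "< 4.0.0.a"`, keeps them in the affected range.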