CVE-2023-27530
Published: 10 March 2023
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
Notes
Author | Note |
---|---|
iconstantin | Intrusive backport for older releases. |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
- https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
- https://github.com/rack/rack/commit/8e8869d625e73e16b576b6d31b50208e9ec8002f (main)
- https://github.com/rack/rack/commit/9aac3757fe19cdb0476504c9245170115bec9668 (v2.2.6.3)
- https://github.com/rack/rack/commit/b632718265fa5ffa547b060331341a1e216b4ffa (2.1.4.3)
- https://github.com/rack/rack/commit/5f6e2fcbbdbff2dfaa21baa693e9d23d12ac1459 (v2.0.9.3)
- NVD
- Launchpad
- Debian