CVE-2018-16470

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rack_project:rack:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:2.0.5:*:*:*:*:*:*:*

History

07 Nov 2023, 02:53

Type Values Removed Values Added
References
  • {'url': 'https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ', 'name': 'https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ¬†-

Information

Published : 2018-11-13 23:29

Updated : 2023-12-10 12:44


NVD link : CVE-2018-16470

Mitre link : CVE-2018-16470

CVE.ORG link : CVE-2018-16470


JSON object : View

Products Affected

rack_project

  • rack
CWE
CWE-400

Uncontrolled Resource Consumption