CVE-2023-27530

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*
cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*
cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*
cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

08 Dec 2023, 22:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231208-0015/ -

04 Nov 2023, 02:46

Type Values Removed Values Added
References (DEBIAN) https://www.debian.org/security/2023/dsa-5530 - (DEBIAN) https://www.debian.org/security/2023/dsa-5530 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html - Mailing List, Third Party Advisory
First Time Debian debian Linux
Debian
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

22 Oct 2023, 19:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5530 -

17 Apr 2023, 16:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html -

16 Mar 2023, 16:18

Type Values Removed Values Added
References (MISC) https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 - (MISC) https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 - Patch, Vendor Advisory
First Time Rack Project rack
Rack Project
CWE CWE-770
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*

10 Mar 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-10 22:15

Updated : 2023-12-10 14:48


NVD link : CVE-2023-27530

Mitre link : CVE-2023-27530

CVE.ORG link : CVE-2023-27530


JSON object : View

Products Affected

debian

  • debian_linux

rack_project

  • rack
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-400

Uncontrolled Resource Consumption