A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
References
| Link | Resource |
|---|---|
| https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 | Patch Vendor Advisory |
| https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html | Mailing List Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20231208-0015/ | |
| https://www.debian.org/security/2023/dsa-5530 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
08 Dec 2023, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html - Mailing List, Third Party Advisory | |
| CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
17 Apr 2023, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
16 Mar 2023, 16:18
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| References | (MISC) https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 - Patch, Vendor Advisory | |
| CWE | CWE-770 |
11 Mar 2023, 02:54
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-10 22:15
Updated : 2024-10-15 19:35
NVD link : CVE-2023-27530
Mitre link : CVE-2023-27530
CVE.ORG link : CVE-2023-27530
JSON object : View
Products Affected
debian
- debian_linux
rack_project
- rack