CVE-2006-6303Infinite Loop in Matsumoto Ruby

CWE-835Infinite Loop7 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
4.2%
top 11.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Yukihiro Matsumoto Ruby
Timeline
PublishedDec 6
Latest updateMay 1

Description

The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDyukihiro_matsumoto/ruby8 versions+7

Patches

Patch: bugs.gentoo.orgPatch: bugzilla.redhat.comPatch: www.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-fx2r-qhmq-3jjp: The read_multipart function in cgi2022-05-01
CVEList
CVE-2006-6303: The read_multipart function in cgi2006-12-06

📋Vendor Advisories

2
Ubuntu
Ruby vulnerability2006-12-08
Red Hat
ruby's cgi.rb vulnerable infinite loop DoS2006-12-04

💬Community

2
Bugzilla
CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS2006-12-04
Bugzilla
CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS2006-12-04
CVE-2006-6303 — Infinite Loop in Matsumoto Ruby | cvebase