CVE-2013-0183 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Rack

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.8%

top 17.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rack Rack Project Rack

Timeline

PublishedMar 1

Latest updateOct 24

Description

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶RubyGemsrack/rack1.3.0 — 1.3.8+1

▶NVDrack_project/rack11 versions+10

🔴Vulnerability Details

OSV

Rack rubygems receiving excessively long lines triggers out-of-memory error↗2017-10-24

▶

GHSA

Rack rubygems receiving excessively long lines triggers out-of-memory error↗2017-10-24

▶

CVEList

CVE-2013-0183: multipart/parser↗2013-03-01

▶

OSV

CVE-2013-0183: multipart/parser↗2013-03-01

▶

📋Vendor Advisories

Red Hat

rubygem-rack: receiving excessively long lines triggers out-of-memory error↗2013-01-07

▶

Debian

CVE-2013-0183: ruby-rack - multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows rem...↗2013

▶

💬Community

Bugzilla

CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error↗2013-01-15

▶