CVE-2021-36773Uncontrolled Recursion in Nmatrix

CWE-674Uncontrolled Recursion4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 18.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Sciruby NmatrixUblockorigin Ublock OriginUmatrix Project Umatrix+2 more
Timeline
PublishedJul 18
Latest updateMay 24

Description

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/ublock-origin< ublock-origin 1.37.0+dfsg-1 (bookworm)
NVDsciruby/nmatrix< 4.4.9

Also affects: Debian Linux 9.0

🔴Vulnerability Details

2
GHSA
GHSA-vgm6-c9jx-rm2c: uBlock Origin before 12022-05-24
OSV
CVE-2021-36773: uBlock Origin before 12021-07-18

📋Vendor Advisories

1
Debian
CVE-2021-36773: ublock-origin - uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth ...2021
CVE-2021-36773 — Uncontrolled Recursion in Nmatrix | cvebase