CVE-2023-27530
Published: 2023-03-10
Priority: P3 · 41 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 1.83% (76.2th percentile)
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | ruby-rack | < ruby-rack 2.2.6.4-1 (bookworm) | ruby-rack 2.2.6.4-1 (bookworm) |
| rack | rack | < 2.0.9.3 | 2.0.9.3 |
| rack | rack | >= 0 < 2.0.9.3 | 2.0.9.3 |
| rack | rack | >= 2.1.0 < 2.1.4.3 | 2.1.4.3 |
| rack | rack | >= 2.2.0 < 2.2.6.3 | 2.2.6.3 |
| rack | rack | >= 3.0.0 < 3.0.4.2 | 3.0.4.2 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | 7.5 | HIGH | — |
| osv | 7.5 | HIGH | — |
| vendor_debian | 7.5 | HIGH | — |
| vendor_redhat | 7.5 | HIGH | — |
| vendor_ubuntu | 7.5 | HIGH | — |
Ubuntu · Rack vulnerabilities · vendor_ubuntu · 2024-09-26 · CVSS 7.5 · CVE-2024-25126 [HIGH]
Summary: Several security issues were fixed in Rack.
It was discovered that Rack was not properly parsing data when processing
multipart POST requests. If a user or automated system were tricked into
sending a specially crafted multipart POST request to an application using
Rack, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2022-30122)
It was discovered that Rack was not properly escaping untrusted data when
performing logging operations, which could cause shell escaped sequences
to be written to a terminal. If a user or automated system were tricked
into sending a specially crafted request to an application using Rack, a
remote attacker could possibly use this issue to execute arbitrary code in
the machine running the ap
Ubuntu · Rack vulnerabilities · vendor_ubuntu · 2024-07-23 · CVSS 7.5 · CVE-2023-27530 [HIGH]
Summary: Rack could be made to consume resources and cause long delays if it
processed certain input.
It was discovered that Rack incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Rack to consume resources, leading to a denial of service.
(CVE-2023-27539)
It was discovered that Rack incorrectly handled Multipart MIME parsing.
A remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27530)
Instructions: After a standard system update you need to restart any applications using
Rack to make all the necessary changes.
Ubuntu · Rack vulnerabilities · vendor_ubuntu · 2024-06-17 · CVSS 7.5 · CVE-2024-25126 [HIGH]
Summary: Several security issues were fixed in Rack.
It was discovered that Rack incorrectly handled Multipart MIME parsing. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected Ubuntu
23.10. (CVE-2023-27530)
It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-25126)
It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create large
responses, leading to a denial of service. This issue only affected Ubuntu
24.04 LTS. (CVE-2024-26141)
It was discovered
Red Hat · rubygem-rack: Denial of service in Multipart MIME parsing · vendor_redhat · 2023-03-08 · CVSS 7.5 · CVE-2023-27530 [HIGH] · CWE-20
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected, resulting in a denial of service.
Package: openshift-logging/fluentd-rhel9 (Logging Subsystem for Red Hat OpenShift) - Affected
Package: 3scale-amp-zync-container (Red Hat 3scale API Manag
Debian · CVE-2023-27530: ruby-rack · vendor_debian · 2023 · CVSS 7.5 · CVE-2023-27530 [HIGH]
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
Scope: local
bookworm: resolved (fixed in 2.2.6.4-1)
bullseye: resolved (fixed in 2.1.4-3+deb11u1)
forky: resolved (fixed in 2.2.6.4-1)
sid: resolved (fixed in 2.2.6.4-1)
trixie: resolved (fixed in 2.2.6.4-1)
OSV · ruby-rack vulnerabilities · osv · 2024-09-26 · CVSS 7.5 · CVE-2022-30122 [HIGH]
It was discovered that Rack was not properly parsing data when processing
multipart POST requests. If a user or automated system were tricked into
sending a specially crafted multipart POST request to an application using
Rack, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2022-30122)
It was discovered that Rack was not properly escaping untrusted data when
performing logging operations, which could cause shell escaped sequences
to be written to a terminal. If a user or automated system were tricked
into sending a specially crafted request to an application using Rack, a
remote attacker could possibly use this issue to execute arbitrary code in
the machine running the application. (CVE-2022-30123)
It was discovered that Rack
OSV · ruby-rack vulnerabilities · osv · 2024-07-23 · CVSS 7.5 · CVE-2023-27539 [HIGH]
It was discovered that Rack incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Rack to consume resources, leading to a denial of service.
(CVE-2023-27539)
It was discovered that Rack incorrectly handled Multipart MIME parsing.
A remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27530)
OSV · ruby-rack vulnerabilities · osv · 2024-06-17 · CVSS 7.5 · CVE-2023-27530 [HIGH]
It was discovered that Rack incorrectly handled Multipart MIME parsing. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected Ubuntu
23.10. (CVE-2023-27530)
It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-25126)
It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create large
responses, leading to a denial of service. This issue only affected Ubuntu
24.04 LTS. (CVE-2024-26141)
It was discovered that Rack incorrectly handled certain crafted headers.
OSV · CVE-2023-27530 · osv · 2023-03-10 · CVSS 7.5 · CVE-2023-27530 [HIGH]
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
OSV · Rack has possible DoS Vulnerability in Multipart MIME parsing · osv · 2023-03-08 · CVSS 7.5 · CVE-2023-27530 [HIGH]
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.
Versions Affected: All. Not affected: None. Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3
# Impact
The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.
All users running an affected release should either upgrade or use one of the workarounds immediately.
# Workarounds
A proxy can be configured to limit the POST body size which will mitigate this issue.
GHSA · Rack has possible DoS Vulnerability in Multipart MIME parsing · ghsa · 2023-03-08 · CVSS 7.5 · CVE-2023-27530 [HIGH] · CWE-400
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.
Versions Affected: All. Not affected: None. Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3
# Impact
The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.
All users running an affected release should either upgrade or use one of the workarounds immediately.
# Workarounds
A proxy can be configured to limit the POST body size which will mitigate this issue.
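The advisory's workaround (cap the POST body size) and its root cause (Rack capped file parts but not total parts) can both be enforced in front of the application. The middleware below is an added example, not Rack's or the advisory's own code: it is plain Ruby that only assumes the standard Rack env keys (`CONTENT_TYPE`, `CONTENT_LENGTH`, `rack.input`), and it goes one step beyond the stated workaround by also counting parts; the byte and part caps are assumed values, and `multipart_env` builds a constructed request for testing.

```ruby
require "stringio"

# Rejects multipart requests before the real multipart parser sees them:
# first by declared/actual body size (the advisory's proxy workaround), then
# by total part count (the limit the affected Rack versions lacked).
class MultipartLimit
  def initialize(app, max_bytes: 1024 * 1024, max_parts: 128) # assumed caps
    @app, @max_bytes, @max_parts = app, max_bytes, max_parts
  end

  def call(env)
    ctype = env["CONTENT_TYPE"].to_s
    return @app.call(env) unless ctype.start_with?("multipart/")

    # Cheapest check first: the declared length, before reading any body bytes.
    return reject("body too large") if env["CONTENT_LENGTH"].to_i > @max_bytes

    boundary = ctype[/boundary="?([^";]+)"?/, 1]
    return reject("missing boundary") unless boundary

    # Read at most one byte over the cap so an undeclared or understated length is caught too.
    body = env["rack.input"].read(@max_bytes + 1).to_s
    return reject("body too large") if body.bytesize > @max_bytes

    # Every part opens with "--boundary\r\n"; the closing "--boundary--" does not match.
    # A literal scan counts parts in linear time without running the multipart parser.
    parts = body.scan("--#{boundary}\r\n").size
    return reject("too many parts") if parts > @max_parts

    env["rack.input"] = StringIO.new(body) # hand the buffered body to the app
    @app.call(env)
  end

  private

  def reject(reason)
    [413, { "content-type" => "text/plain" }, ["rejected: #{reason}\n"]]
  end
end

# Builds a constructed Rack env for a multipart/form-data POST with the given fields.
def multipart_env(fields, boundary: "Boundary7MA4YWxk")
  body = fields.map { |n, v| "--#{boundary}\r\nContent-Disposition: form-data; name=\"#{n}\"\r\n\r\n#{v}\r\n" }.join
  body << "--#{boundary}--\r\n"
  { "REQUEST_METHOD" => "POST",
    "CONTENT_TYPE"   => "multipart/form-data; boundary=#{boundary}",
    "CONTENT_LENGTH" => body.bytesize.to_s,
    "rack.input"     => StringIO.new(body) }
end
```

Wrap the application as `MultipartLimit.new(app, max_bytes: ..., max_parts: ...)`; a reverse proxy body-size limit remains the cheaper first line, since it stops the bytes before the Ruby process reads them.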
No detection rules found.
No public exploits indexed.
References:
- https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
- https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
- https://security.netapp.com/advisory/ntap-20231208-0015/
- https://www.debian.org/security/2023/dsa-5530