CVE-2023-27530

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

Published: Mar 10, 2023
Updated: May 9, 2024
CVE: CVE-2023-27530
GHSA: GHSA-3h57-hmj3-gj3p
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-400
CWE-770

Affected Software
References

Software	From	Fixed in
rack	-	2.0.9.3
rack	2.1.0	2.1.4.3
rack	2.2.0	2.2.6.3
rack	3.0.0	3.0.4.2
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
rack / rack	3.0.0	3.0.4.2
rack / rack	2.2.0	2.2.6.3
rack / rack	-	2.0.9.3
rack / rack	2.1.0	2.1.4.3

https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml
https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
https://security.netapp.com/advisory/ntap-20231208-0015
https://security.netapp.com/advisory/ntap-20231208-0015/
https://www.debian.org/security/2023/dsa-5530

Vulnerability Database

289,599

CVE-2023-27530