CVE-2018-16470

Published: Nov 13, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Affected (2)

Products: Rack Project: Rack

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Rack Project Rack	Version 2.0.4
Rack Project Rack	Version 2.0.5

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://access.redhat.com/errata/RHSA-2019:3172

Source: support@hackerone.com

https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ

Source: support@hackerone.com

https://access.redhat.com/errata/RHSA-2019:3172

Source: af854a3a-2127-422b-91ae-364da2661108

https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.