CVE-2013-0183

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

Published Bysecalert@redhat.com

Published DateMar 01, 2013, 05:40

Affected Versions(2)

rack(RubyGems)

Introduced1.3.0

Fixed1.3.8

LimitN/A

rack(RubyGems)

Introduced1.4.0

Fixed1.4.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
rack(RubyGems)	1.3.0	1.3.8	N/A
rack(RubyGems)	1.4.0	1.4.3	N/A

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL