Vulnerability Details: CVE-2013-0183
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2013-0183
- cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0183
- 4.90%: probability of exploitation activity in the next 30 days
- ~92%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2013-0183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-0183
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0183
- https://bugzilla.redhat.com/show_bug.cgi?id=895282 (Red Hat Bugzilla 895282: CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error)
- https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI (rack-devel mailing list thread)
- http://rack.github.com/ (Rack: a Ruby Webserver Interface)
- http://rhn.redhat.com/errata/RHSA-2013-0544.html (RHSA-2013:0544 - Security Advisory - Red Hat Customer Portal)
- https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs (rack-devel mailing list thread)
- https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18 (multipart/parser: avoid unbounded #gets method, rack/rack@f951134)
- http://rhn.redhat.com/errata/RHSA-2013-0548.html (RHSA-2013:0548 - Red Hat Customer Portal)
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html (openSUSE-SU-2013:0462-1: moderate: RubyOnRails: security version update)
- http://www.debian.org/security/2013/dsa-2783 (Debian Security Information: DSA-2783-1 librack-ruby)
- https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff (multipart/parser: avoid unbounded #gets method, rack/rack@548b9af)