RubySec

Providing security resources for the Ruby community

CVE-2013-0183 (rack): Rack Long String Parsing Memory Consumption Remote DoS

GEM

rack

SEVERITY

CVSS v2: 5.0

PATCHED VERSIONS

  • ~> 1.3.8
  • >= 1.4.3

DESCRIPTION

Rack contains a flaw that may allow a remote denial of service. The issue is triggered when Rack parses an overly long string. A remote attacker who supplies a specially crafted string can cause excessive memory consumption, resulting in a loss of availability for the web server.
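The patched-version list above is a set of alternatives: an installed rack version is covered by the fix if it satisfies any one of the constraints, and a version such as 1.4.0 falls outside both (it is newer than the `~> 1.3.8` range and older than `>= 1.4.3`). The following is an added example, not code from RubySec or the rack project, that applies those constraints to a rack version and to a constructed `Gemfile.lock` so a deployment can be triaged against this advisory:

```ruby
require "rubygems"

# Patched version constraints as listed in this advisory. They are
# alternatives: a version is patched if it satisfies ANY of them.
PATCHED_VERSIONS = ["~> 1.3.8", ">= 1.4.3"].freeze

# True when the given rack version satisfies at least one patched constraint.
def rack_patched?(version_string, patched = PATCHED_VERSIONS)
  version = Gem::Version.new(version_string)
  patched.any? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# Extract the locked version of a gem from Gemfile.lock text. Spec lines are
# indented four spaces under "specs:" and look like "rack (1.4.1)"; returns
# nil when the gem is not locked at all.
def locked_version(lockfile_text, gem_name)
  pattern = /^    #{Regexp.escape(gem_name)} \(([^)]+)\)$/
  m = lockfile_text.match(pattern)
  m && m[1]
end

# Triage a lockfile against this advisory:
# :not_present, :vulnerable or :patched.
def assess_lockfile(lockfile_text)
  version = locked_version(lockfile_text, "rack")
  return :not_present unless version
  rack_patched?(version) ? :patched : :vulnerable
end

# Constructed sample lockfile (hypothetical project, not a real one).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rack-protection (1.2.0)
        rack

  PLATFORMS
    ruby

  DEPENDENCIES
    rack-protection
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "rack #{locked_version(SAMPLE_LOCK, 'rack')}: #{assess_lockfile(SAMPLE_LOCK)}"
end
```

Run against a real lockfile by reading the file contents into `assess_lockfile`; the sample above reports `:vulnerable` because 1.4.1 satisfies neither constraint.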