CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error
Published: January 07, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-0183 (NVD)
- GHSA: GHSA-3pxh-h8hw-mj8w
- OSVDB: OSVDB-89320
GEM
rack
SEVERITY
CVSS v2.0: 5.0 (Medium)
PATCHED VERSIONS
~> 1.3.8
>= 1.4.3
DESCRIPTION
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
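A way to check a project's locked Rack version against the patched-version constraints listed above, as an added example that is not part of the advisory or of Rack itself. The Gemfile.lock excerpt is constructed sample input, and the helper names `locked_version` and `rack_status` are hypothetical; because the page lists no unaffected versions, any version that satisfies neither constraint is reported as unpatched.

```ruby
require "rubygems"

# Patched-version constraints copied from the PATCHED VERSIONS list above.
PATCHED = ["~> 1.3.8", ">= 1.4.3"].map { |r| Gem::Requirement.new(r) }

# Constructed Gemfile.lock excerpt (sample input, not from the advisory).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rack-test (0.6.2)
        rack (>= 1.0)
      sinatra (1.3.3)
        rack (~> 1.3, >= 1.3.6)

  PLATFORMS
    ruby
LOCK

# Return the resolved version of gem_name, or nil if it is not locked.
# Resolved specs are indented four spaces; dependency constraints are
# indented six, so they never match and cannot be mistaken for a version.
def locked_version(lockfile_text, gem_name)
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    return Gem::Version.new(m[2]) if m && m[1] == gem_name
  end
  nil
end

# Classify the locked rack version as :patched, :unpatched or :not_present.
# Assumption: a version matching neither constraint counts as unpatched.
def rack_status(lockfile_text)
  version = locked_version(lockfile_text, "rack")
  return :not_present if version.nil?
  PATCHED.any? { |req| req.satisfied_by?(version) } ? :patched : :unpatched
end

puts "rack #{locked_version(SAMPLE_LOCK, 'rack')}: #{rack_status(SAMPLE_LOCK)}"
```

Note that `~> 1.3.8` covers only the 1.3.x line from 1.3.8 up, so a 1.4.x release must satisfy `>= 1.4.3` on its own.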
