RubySec

Providing security resources for the Ruby community

CVE-2013-0183 (rack): CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error

ADVISORIES

GEM

rack

SEVERITY

CVSS v2: 5.0 (Medium)

PATCHED VERSIONS

  • ~> 1.3.8
  • >= 1.4.3

DESCRIPTION

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.