Published: 18/07/2021 Updated: 20/01/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

uBlock Origin prior to 1.36.2 and nMatrix prior to 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

Vulnerable Product	Search on Vulmon	Subscribe to Product
sciruby nmatrix
ublockorigin ublock origin
umatrix project umatrix
debian debian linux 9.0

Debian Bug report logs - #991344 umatrix: CVE-2021-36773: Denial of Service Package: src:umatrix; Maintainer for src:umatrix is Debian Mozilla Extension Maintainers <pkg-mozext-maintainers@listsaliothdebianorg>; Reported by: Marcus Frings <marcusfrings@ocrwth-aachende> Date: Wed, 21 Jul 2021 09:33:04 UTC Severi ...

uBlock Origin before 1362 supports an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality) ...

CWE-674 https://news.ycombinator.com/item?id=27833752 https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc https://lists.debian.org/debian-lts-announce/2022/06/msg00024.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991344 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-36773

CVE-2021-36773

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect