Published: 10/03/2023 Updated: 08/12/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an malicious user to craft requests that can be abuse to cause multipart parsing to take longer than expected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rack project rack
debian debian linux 10.0
debian debian linux 11.0

Debian Bug report logs - #1032803 ruby-rack: CVE-2023-27530 Package: src:ruby-rack; Maintainer for src:ruby-rack is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 11 Mar 2023 20:12:02 UTC Severity: important Tags: security, upst ...

Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection For the oldstable distribution (bullseye), these problems have been fixed in version 214-3+deb11u1 We recommend that you upgrade your ruby-rack packages For the detailed security st ...

Synopsis Moderate: pcs security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has ra ...

Synopsis Moderate: pcs security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having ...

Synopsis Moderate: pcs security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has ra ...

概述 Important: pcs security and bug fix update 类型/严重性 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems 标题 An update for pcs is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as hav ...

Synopsis Moderate: pcs security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has ra ...

Description This CVE is under investigation by Red Hat Product Security ...

CWE-770 https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html https://www.debian.org/security/2023/dsa-5530 https://security.netapp.com/advisory/ntap-20231208-0015/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5530

CVE-2023-27530

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect