Rack rubygems receiving excessively long lines triggers out-of-memory error
Moderate severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Aug 28, 2023
Package
Affected versions
>= 1.3.0, < 1.3.8
>= 1.4.0, < 1.4.3
Patched versions
1.3.8
1.4.3
Description
Published by the National Vulnerability Database
Mar 1, 2013
Published to the GitHub Advisory Database
Oct 24, 2017
Reviewed
Jun 16, 2020
Last updated
Aug 28, 2023
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
References