Potential Denial-of-Service in bindata
Moderate severity
GitHub Reviewed
Published
Jun 23, 2021
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Description
Reviewed
Jun 23, 2021
Published to the GitHub Advisory Database
Jun 23, 2021
Published by the National Vulnerability Database
Jun 24, 2021
Last updated
Nov 18, 2024
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example
BinData::Bit100000
,BinData::Bit100001
,BinData::Bit100002
,BinData::Bit<N>
. In combination with<user_input>.constantize
there is a potential for a CPU-based DoS. In version 2.4.10, bindata improved the creation time of Bits and Integers.References