GSD-2018-16470
Vulnerability from gsd - Updated: 2018-11-05 00:00
Details
There is a possible DoS vulnerability in the multipart parser in Rack. This
vulnerability has been assigned the CVE identifier CVE-2018-16470.
Versions Affected: 2.0.4, 2.0.5
Not affected: <= 2.0.3
Fixed Versions: 2.0.6
Impact
------
There is a possible DoS vulnerability in the multipart parser in Rack.
Carefully crafted requests can cause the multipart parser to enter a
pathological state, causing the parser to use CPU resources disproportionate to
the request size.
Impacted code can look something like this:
```
Rack::Request.new(env).params
```
But any code that uses the multi-part parser may be vulnerable.
Rack users that have manually adjusted the buffer size in the multipart parser
may be vulnerable as well.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
--------
The 2.0.6 release is available at the normal locations.
Workarounds
-----------
To work around this issue, the following code can be used:
```
require "rack/multipart/parser"
Rack::Multipart::Parser.send :remove_const, :BUFSIZE
Rack::Multipart::Parser.const_set :BUFSIZE, 16384
```
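One way to gate the workaround on the affected range (2.0.4 and 2.0.5) so that it becomes a no-op after upgrading to 2.0.6. This is an added example, not code from the Rack project or the advisory. The helper names, the sample `Gemfile.lock` text and the stand-in parser module are constructed for illustration.

```ruby
require "rubygems"

# Affected range from the advisory: 2.0.4 and 2.0.5 (fixed in 2.0.6).
AFFECTED_RACK = Gem::Requirement.new(">= 2.0.4", "<= 2.0.5")
WORKAROUND_BUFSIZE = 16_384 # value used by the advisory's workaround

def rack_affected?(version)
  AFFECTED_RACK.satisfied_by?(Gem::Version.new(version.to_s))
end

# Return the rack version pinned in Gemfile.lock text, or nil if rack is absent.
# Resolved gems sit at a 4-space indent; dependency constraints use 6 spaces.
def locked_rack_version(lockfile_text)
  match = lockfile_text.match(/^ {4}rack \(([^)\s]+)\)$/)
  match && match[1]
end

# Apply the BUFSIZE workaround to `parser` only on an affected version.
# In an app: apply_workaround(Rack::Multipart::Parser, Gem.loaded_specs["rack"].version)
def apply_workaround(parser, version)
  return :not_affected unless rack_affected?(version)
  if parser.const_defined?(:BUFSIZE, false)
    return :already_set if parser.const_get(:BUFSIZE) == WORKAROUND_BUFSIZE
    parser.send(:remove_const, :BUFSIZE)
  end
  parser.const_set(:BUFSIZE, WORKAROUND_BUFSIZE)
  :patched
end

# Constructed sample lockfile and stand-in parser module (hypothetical values).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.0.5)
      rack-test (1.1.0)
        rack (>= 1.0, < 3)
LOCK
StandInParser = Module.new
StandInParser.const_set(:BUFSIZE, 1_048_576) # constructed value, not Rack's

if __FILE__ == $PROGRAM_NAME
  version = locked_rack_version(SAMPLE_LOCK)
  puts "rack #{version} affected: #{rack_affected?(version)}"
  puts "workaround: #{apply_workaround(StandInParser, version)}"
end
```

The version gate does not cover deployments that have manually adjusted the buffer size, which the advisory says may be vulnerable as well.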
Aliases
{
"GSD": {
"alias": "CVE-2018-16470",
"description": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.",
"id": "GSD-2018-16470",
"references": [
"https://www.suse.com/security/cve/CVE-2018-16470.html",
"https://access.redhat.com/errata/RHSA-2019:3172"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack",
"purl": "pkg:gem/rack"
}
}
],
"aliases": [
"CVE-2018-16470",
"GHSA-hg78-4f6x-99wq"
],
"details": "There is a possible DoS vulnerability in the multipart parser in Rack. This\nvulnerability has been assigned the CVE identifier CVE-2018-16470.\n\nVersions Affected: 2.0.4, 2.0.5\nNot affected: \u003c= 2.0.3\nFixed Versions: 2.0.6\n\nImpact\n------\nThere is a possible DoS vulnerability in the multipart parser in Rack.\nCarefully crafted requests can cause the multipart parser to enter a\npathological state, causing the parser to use CPU resources disproportionate to\nthe request size.\n\nImpacted code can look something like this:\n\n```\nRack::Request.new(env).params\n```\n\nBut any code that uses the multi-part parser may be vulnerable.\n\nRack users that have manually adjusted the buffer size in the multipart parser\nmay be vulnerable as well.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe 2.0.6 release is available at the normal locations.\n\nWorkarounds\n-----------\nTo work around this issue, the following code can be used:\n\n```\nrequire \"rack/multipart/parser\"\n\nRack::Multipart::Parser.send :remove_const, :BUFSIZE\nRack::Multipart::Parser.const_set :BUFSIZE, 16384\n```\n",
"id": "GSD-2018-16470",
"modified": "2018-11-05T00:00:00.000Z",
"published": "2018-11-05T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk"
}
],
"schema_version": "1.4.0",
"summary": "Possible DoS vulnerability in Rack"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rack",
"version": {
"version_data": [
{
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "Rack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
},
{
"name": "RHSA-2019:3172",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3172"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2018-16470",
"date": "2018-11-05",
"description": "There is a possible DoS vulnerability in the multipart parser in Rack. This\nvulnerability has been assigned the CVE identifier CVE-2018-16470.\n\nVersions Affected: 2.0.4, 2.0.5\nNot affected: \u003c= 2.0.3\nFixed Versions: 2.0.6\n\nImpact\n------\nThere is a possible DoS vulnerability in the multipart parser in Rack.\nCarefully crafted requests can cause the multipart parser to enter a\npathological state, causing the parser to use CPU resources disproportionate to\nthe request size.\n\nImpacted code can look something like this:\n\n```\nRack::Request.new(env).params\n```\n\nBut any code that uses the multi-part parser may be vulnerable.\n\nRack users that have manually adjusted the buffer size in the multipart parser\nmay be vulnerable as well.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe 2.0.6 release is available at the normal locations.\n\nWorkarounds\n-----------\nTo work around this issue, the following code can be used:\n\n```\nrequire \"rack/multipart/parser\"\n\nRack::Multipart::Parser.send :remove_const, :BUFSIZE\nRack::Multipart::Parser.const_set :BUFSIZE, 16384\n```\n",
"gem": "rack",
"ghsa": "hg78-4f6x-99wq",
"patched_versions": [
"\u003e= 2.0.6"
],
"title": "Possible DoS vulnerability in Rack",
"unaffected_versions": [
"\u003c= 2.0.3"
],
"url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=2.0.4 \u003c=2.0.5",
"affected_versions": "All versions starting from 2.0.4 up to 2.0.5",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2019-10-09",
"description": "There is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.",
"fixed_versions": [
"2.0.6"
],
"identifier": "CVE-2018-16470",
"identifiers": [
"CVE-2018-16470"
],
"not_impacted": "All versions before 2.0.4, all versions after 2.0.5",
"package_slug": "gem/rack",
"pubdate": "2018-11-13",
"solution": "Upgrade to version 2.0.6 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-16470"
],
"uuid": "fafa07ab-4b63-433a-a2aa-573f542f8f4d"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-assignments@hackerone.com",
"ID": "CVE-2018-16470"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
},
{
"name": "RHSA-2019:3172",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:3172"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-09T23:36Z",
"publishedDate": "2018-11-13T23:29Z"
}
}
}