gsd-2018-16470
Vulnerability from gsd
Modified
2018-11-05 00:00
Details
There is a possible DoS vulnerability in the multipart parser in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16470. Versions Affected: 2.0.4, 2.0.5 Not affected: <= 2.0.3 Fixed Versions: 2.0.6 Impact ------ There is a possible DoS vulnerability in the multipart parser in Rack. Carefully crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. Impacted code can look something like this: ``` Rack::Request.new(env).params ``` But any code that uses the multi-part parser may be vulnerable. Rack users that have manually adjusted the buffer size in the multipart parser may be vulnerable as well. All users running an affected release should either upgrade or use one of the workarounds immediately. Releases -------- The 2.0.6 release is available at the normal locations. Workarounds ----------- To work around this issue, the following code can be used: ``` require "rack/multipart/parser" Rack::Multipart::Parser.send :remove_const, :BUFSIZE Rack::Multipart::Parser.const_set :BUFSIZE, 16384 ```
Aliases
Aliases
CVE-2018-16470


To clipboard 

{
  "GSD": {
    "alias": "CVE-2018-16470",
    "description": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.",
    "id": "GSD-2018-16470",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-16470.html",
      "https://access.redhat.com/errata/RHSA-2019:3172"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rack",
            "purl": "pkg:gem/rack"
          }
        }
      ],
      "aliases": [
        "CVE-2018-16470",
        "GHSA-hg78-4f6x-99wq"
      ],
      "details": "There is a possible DoS vulnerability in the multipart parser in Rack. This\nvulnerability has been assigned the CVE identifier CVE-2018-16470.\n\nVersions Affected:  2.0.4, 2.0.5\nNot affected:       \u003c= 2.0.3\nFixed Versions:     2.0.6\n\nImpact\n------\nThere is a possible DoS vulnerability in the multipart parser in Rack.\nCarefully crafted requests can cause the multipart parser to enter a\npathological state, causing the parser to use CPU resources disproportionate to\nthe request size.\n\nImpacted code can look something like this:\n\n```\nRack::Request.new(env).params\n```\n\nBut any code that uses the multi-part parser may be vulnerable.\n\nRack users that have manually adjusted the buffer size in the multipart parser\nmay be vulnerable as well.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe 2.0.6 release is available at the normal locations.\n\nWorkarounds\n-----------\nTo work around this issue, the following code can be used:\n\n```\nrequire \"rack/multipart/parser\"\n\nRack::Multipart::Parser.send :remove_const, :BUFSIZE\nRack::Multipart::Parser.const_set :BUFSIZE, 16384\n```\n",
      "id": "GSD-2018-16470",
      "modified": "2018-11-05T00:00:00.000Z",
      "published": "2018-11-05T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk"
        }
      ],
      "schema_version": "1.4.0",
      "summary": "Possible DoS vulnerability in Rack"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2018-16470",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Rack",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.0.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Rack"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service (CWE-400)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ",
            "refsource": "MISC",
            "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
          },
          {
            "name": "RHSA-2019:3172",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3172"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2018-16470",
      "date": "2018-11-05",
      "description": "There is a possible DoS vulnerability in the multipart parser in Rack. This\nvulnerability has been assigned the CVE identifier CVE-2018-16470.\n\nVersions Affected:  2.0.4, 2.0.5\nNot affected:       \u003c= 2.0.3\nFixed Versions:     2.0.6\n\nImpact\n------\nThere is a possible DoS vulnerability in the multipart parser in Rack.\nCarefully crafted requests can cause the multipart parser to enter a\npathological state, causing the parser to use CPU resources disproportionate to\nthe request size.\n\nImpacted code can look something like this:\n\n```\nRack::Request.new(env).params\n```\n\nBut any code that uses the multi-part parser may be vulnerable.\n\nRack users that have manually adjusted the buffer size in the multipart parser\nmay be vulnerable as well.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe 2.0.6 release is available at the normal locations.\n\nWorkarounds\n-----------\nTo work around this issue, the following code can be used:\n\n```\nrequire \"rack/multipart/parser\"\n\nRack::Multipart::Parser.send :remove_const, :BUFSIZE\nRack::Multipart::Parser.const_set :BUFSIZE, 16384\n```\n",
      "gem": "rack",
      "ghsa": "hg78-4f6x-99wq",
      "patched_versions": [
        "\u003e= 2.0.6"
      ],
      "title": "Possible DoS vulnerability in Rack",
      "unaffected_versions": [
        "\u003c= 2.0.3"
      ],
      "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=2.0.4 \u003c=2.0.5",
          "affected_versions": "All versions starting from 2.0.4 up to 2.0.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-400",
            "CWE-937"
          ],
          "date": "2019-10-09",
          "description": "There is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.",
          "fixed_versions": [
            "2.0.6"
          ],
          "identifier": "CVE-2018-16470",
          "identifiers": [
            "CVE-2018-16470"
          ],
          "not_impacted": "All versions before 2.0.4, all versions after 2.0.5",
          "package_slug": "gem/rack",
          "pubdate": "2018-11-13",
          "solution": "Upgrade to version 2.0.6 or above.",
          "title": "Uncontrolled Resource Consumption",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-16470"
          ],
          "uuid": "fafa07ab-4b63-433a-a2aa-573f542f8f4d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rack_project:rack:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rack_project:rack:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2018-16470"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
            },
            {
              "name": "RHSA-2019:3172",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2019:3172"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:36Z",
      "publishedDate": "2018-11-13T23:29Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.