// For flags

CVE-2013-0183

rubygem-rack: receiving excessively long lines triggers out-of-memory error

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

multipart/parser.rb de Rack v1.3.x antes de v1.3.8 y v1.4.x antes de v1.4.3 permite a atacantes remotos causar una denegaciĆ³n de servicios (consumo de memoria y accesos fuera de rango) usando un long string en un paquete Multipart HTTP.

The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-12-06 CVE Reserved
  • 2013-03-01 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.3.0
Search vendor "Rack Project" for product "Rack" and version "1.3.0"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.3.1
Search vendor "Rack Project" for product "Rack" and version "1.3.1"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.3.2
Search vendor "Rack Project" for product "Rack" and version "1.3.2"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.3.3
Search vendor "Rack Project" for product "Rack" and version "1.3.3"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.3.4
Search vendor "Rack Project" for product "Rack" and version "1.3.4"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.3.5
Search vendor "Rack Project" for product "Rack" and version "1.3.5"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.3.6
Search vendor "Rack Project" for product "Rack" and version "1.3.6"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.3.7
Search vendor "Rack Project" for product "Rack" and version "1.3.7"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.4.0
Search vendor "Rack Project" for product "Rack" and version "1.4.0"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.4.1
Search vendor "Rack Project" for product "Rack" and version "1.4.1"
-
Affected
Rack Project
Search vendor "Rack Project"
 Rack
Search vendor "Rack Project" for product "Rack"
 1.4.2
Search vendor "Rack Project" for product "Rack" and version "1.4.2"
-
Affected