CVE-2023-27539

rubygem-rack: denial of service in header parsing

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

There is a denial of service vulnerability in the header parsing component of Rack.

A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service.

It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-03-02 CVE Reserved
2023-04-25 CVE Published
2025-01-09 CVE Updated
2025-01-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1333: Inefficient Regular Expression Complexity

CAPEC

References (9)

URL	Tag	Source
https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
https://github.com/advisories/GHSA-c6qg-cjj8-47qp
https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
https://security.netapp.com/advisory/ntap-20231208-0016
https://www.debian.org/security/2023/dsa-5530

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-27539	2023-11-08
https://bugzilla.redhat.com/show_bug.cgi?id=2179649	2023-11-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rails Search vendor "Rails"		Rack Search vendor "Rails" for product "Rack"				2.2.6.4 Search vendor "Rails" for product "Rack" and version "2.2.6.4"		en		Affected
Rails Search vendor "Rails"		Rack Search vendor "Rails" for product "Rack"				3.0.6.1 Search vendor "Rails" for product "Rack" and version "3.0.6.1"		en		Affected