High severityNVD Advisory· Published Nov 13, 2018· Updated Aug 5, 2024
CVE-2018-16470
CVE-2018-16470
Description
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rackRubyGems | >= 2.0.4, < 2.0.6 | 2.0.6 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- access.redhat.com/errata/RHSA-2019:3172ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-hg78-4f6x-99wqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-16470ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.ymlghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.