Vulnerability Description
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rack | Rack | < 2.0.9.3 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-m (Patch, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20231208-0015/
- https://www.debian.org/security/2023/dsa-5530 (Third Party Advisory)
FAQ
What is CVE-2023-27530?
CVE-2023-27530 is a vulnerability with a CVSS score of 7.5 (HIGH). A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause...
How severe is CVE-2023-27530?
CVE-2023-27530 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-27530?
Check the references section above for vendor advisories and patch information. Affected products include: Rack Rack, Debian Debian Linux.