CVE-2023-27539 | Vulnerability Database

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

rubygem-rack: denial of service in header parsing

Mitigation

Setting Regexp.timeout in Ruby 3.2 is a possible workaround.

Affected Software List

Name	Vendor	Version
Red Hat Enterprise Linux 8	RedHat	pcs-0:0.10.15-4.el8_8.1
Red Hat Enterprise Linux 8.4 Extended Update Support	RedHat	pcs-0:0.10.8-1.el8_4.4
Red Hat Enterprise Linux 8.6 Extended Update Support	RedHat	pcs-0:0.10.12-6.el8_6.4
Red Hat Enterprise Linux 9	RedHat	pcs-0:0.11.4-7.el9_2
Red Hat Enterprise Linux 9.0 Extended Update Support	RedHat	pcs-0:0.11.1-10.el9_0.4
Red Hat Satellite 6.14 for RHEL 8	RedHat	rubygem-rack-0:2.2.7-1.el8sat
Red Hat Satellite 6.14 for RHEL 8	RedHat	rubygem-rack-0:2.2.7-1.el8sat
RHOL-5.6-RHEL-8	RedHat	openshift-logging/fluentd-rhel8:v1.14.6-113
RHOL-5.7-RHEL-8	RedHat	openshift-logging/fluentd-rhel8:v1.14.6-140

Ubuntu

Possible Denial of Service Vulnerability in Rack’s header parsing

Affected Software List

Name	Vendor	Version
Ruby-rack	Ubuntu/esm-infra-legacy/trusty	TBD
Ruby-rack	Ubuntu/jammy
Ruby-rack	Ubuntu/trusty/esm	1.5.2-3+deb8u3ubuntu1~esm7
Ruby-rack	Ubuntu/upstream	2.2.6.4-1
Ruby-rack	Ubuntu/esm-apps/focal	2.0.7-2ubuntu0.1+esm4
Ruby-rack	Ubuntu/focal
Ruby-rack	Ubuntu/lunar	end of life, was needs-triage
Ruby-rack	Ubuntu/xenial	end of standard support
Ruby-rack	Ubuntu/bionic	end of standard support, was needs-triage
Ruby-rack	Ubuntu/esm-apps/bionic	1.6.4-4ubuntu0.2+esm5
Ruby-rack	Ubuntu/trusty	end of standard support
Ruby-rack	Ubuntu/esm-apps/jammy	2.1.4-5ubuntu1+esm4
Ruby-rack	Ubuntu/esm-apps/xenial	1.6.4-3ubuntu0.2+esm5
Ruby-rack	Ubuntu/kinetic	end of life, was needs-triage
Ruby-rack	Ubuntu/mantic	2.2.4-3ubuntu0.1