Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-32823


In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.


Published

2021-06-24T00:15:08.103

Last Modified

2024-11-21T06:07:49.403

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-400
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application bindata_project bindata < 2.4.10 Yes
Application gitlab gitlab < 13.10.5 Yes
Application gitlab gitlab < 13.10.5 Yes
Application gitlab gitlab < 13.11.5 Yes
Application gitlab gitlab < 13.11.5 Yes
Application gitlab gitlab < 13.12.2 Yes
Application gitlab gitlab < 13.12.2 Yes

References