Early Access — Mondoo Vulnerability Intelligence is currently in preview.

UBUNTU-CVE-2023-27530 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2023-27530

HIGH7.5

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause

Published Mar 10, 2023

Modified 7 months ago

Fix available

Details

Affected Packages

Ubuntu:Pro:14.04:LTSruby-rack

Affected versions:

1.5.2-11.5.2-1ubuntu0.1~esm11.5.2-3+deb8u3ubuntu1~esm101.5.2-3+deb8u3ubuntu1~esm21.5.2-3+deb8u3ubuntu1~esm31.5.2-3+deb8u3ubuntu1~esm41.5.2-3+deb8u3ubuntu1~esm61.5.2-3+deb8u3ubuntu1~esm71.5.2-3+deb8u3ubuntu1~esm81.5.2-3+deb8u3ubuntu1~esm9

Ubuntu:Pro:16.04:LTSruby-rack

Affected versions:

1.5.2-41.6.4-21.6.4-31.6.4-3ubuntu0.11.6.4-3ubuntu0.21.6.4-3ubuntu0.2+esm11.6.4-3ubuntu0.2+esm21.6.4-3ubuntu0.2+esm41.6.4-3ubuntu0.2+esm51.6.4-3ubuntu0.2+esm6+2 more

Ubuntu:Pro:18.04:LTSruby-rack

Affected versions:

1.6.4-41.6.4-4ubuntu0.11.6.4-4ubuntu0.21.6.4-4ubuntu0.2+esm11.6.4-4ubuntu0.2+esm21.6.4-4ubuntu0.2+esm41.6.4-4ubuntu0.2+esm51.6.4-4ubuntu0.2+esm61.6.4-4ubuntu0.2+esm71.6.4-4ubuntu0.2+esm8

Ubuntu:Pro:20.04:LTSruby-rack

Affected versions:

2.0.6-32.0.7-22.0.7-2ubuntu0.12.0.7-2ubuntu0.1+esm12.0.7-2ubuntu0.1+esm22.0.7-2ubuntu0.1+esm3

Fixed in:

2.0.7-2ubuntu0.1+esm4

Ubuntu:22.04:LTSruby-rack

Affected versions:

2.1.4-32.1.4-42.1.4-52.1.4-5ubuntu1

Fixed in:

2.1.4-5ubuntu1.1

Ubuntu:Pro:22.04:LTSruby-rack

Affected versions:

2.1.4-32.1.4-42.1.4-52.1.4-5ubuntu12.1.4-5ubuntu1+esm22.1.4-5ubuntu1+esm3

Fixed in:

2.1.4-5ubuntu1+esm4

Ubuntu:24.10ruby-rack

Fixed in:

2.2.7-1

Ubuntu:24.04:LTSruby-rack

Affected versions:

2.2.4-3

Fixed in:

2.2.7-1

Ubuntu:14.04:LTSruby-rack

Affected versions:

Ubuntu:16.04:LTSruby-rack

Affected versions:

1.5.2-41.6.4-21.6.4-31.6.4-3ubuntu0.11.6.4-3ubuntu0.21.6.4-3ubuntu0.2+esm11.6.4-3ubuntu0.2+esm21.6.4-3ubuntu0.2+esm41.6.4-3ubuntu0.2+esm51.6.4-3ubuntu0.2+esm6+2 more

Ubuntu:18.04:LTSruby-rack

Affected versions:

1.6.4-41.6.4-4ubuntu0.11.6.4-4ubuntu0.21.6.4-4ubuntu0.2+esm11.6.4-4ubuntu0.2+esm21.6.4-4ubuntu0.2+esm41.6.4-4ubuntu0.2+esm51.6.4-4ubuntu0.2+esm61.6.4-4ubuntu0.2+esm71.6.4-4ubuntu0.2+esm8

Ubuntu:20.04:LTSruby-rack

Affected versions:

2.0.6-32.0.7-22.0.7-2ubuntu0.12.0.7-2ubuntu0.1+esm12.0.7-2ubuntu0.1+esm22.0.7-2ubuntu0.1+esm3

References

REPORThttps://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 REPORThttps://ubuntu.com/security/CVE-2023-27530 REPORThttps://ubuntu.com/security/notices/USN-6837-1 REPORThttps://ubuntu.com/security/notices/USN-6905-1 REPORThttps://ubuntu.com/security/notices/USN-7036-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2023-27530

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2023-27530 USN-6837-1 USN-6905-1 USN-7036-1

Ecosystems

Ubuntu Pro 14.04 LTS Ubuntu Pro 16.04 LTS Ubuntu Pro 18.04 LTS Ubuntu Pro 20.04 LTS Ubuntu 22.04 LTS Ubuntu Pro 22.04 LTS Ubuntu 24.10 Ubuntu 24.04 LTS Ubuntu 14.04 LTS Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu 20.04 LTS

Timeline

PublishedMar 10, 2023

ModifiedJun 3, 2025

UBUNTU-CVE-2023-27530

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline