Early Access — Mondoo Vulnerability Intelligence is currently in preview.

UBUNTU-CVE-2023-27539 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2023-27539

MEDIUM5.3

There is a denial of service vulnerability in the header parsing component of Rack.

Published Mar 22, 2023

Modified 7 months ago

Fix available

Details

There is a denial of service vulnerability in the header parsing component of Rack.

Affected Packages

Ubuntu:Pro:14.04:LTSruby-rack

Affected versions:

1.5.2-11.5.2-1ubuntu0.1~esm11.5.2-3+deb8u3ubuntu1~esm21.5.2-3+deb8u3ubuntu1~esm31.5.2-3+deb8u3ubuntu1~esm41.5.2-3+deb8u3ubuntu1~esm6

Fixed in:

1.5.2-3+deb8u3ubuntu1~esm7

Ubuntu:Pro:16.04:LTSruby-rack

Affected versions:

1.5.2-41.6.4-21.6.4-31.6.4-3ubuntu0.11.6.4-3ubuntu0.21.6.4-3ubuntu0.2+esm11.6.4-3ubuntu0.2+esm21.6.4-3ubuntu0.2+esm4

Fixed in:

1.6.4-3ubuntu0.2+esm5

Ubuntu:Pro:18.04:LTSruby-rack

Affected versions:

1.6.4-41.6.4-4ubuntu0.11.6.4-4ubuntu0.21.6.4-4ubuntu0.2+esm11.6.4-4ubuntu0.2+esm21.6.4-4ubuntu0.2+esm4

Fixed in:

1.6.4-4ubuntu0.2+esm5

Ubuntu:Pro:20.04:LTSruby-rack

Affected versions:

2.0.6-32.0.7-22.0.7-2ubuntu0.12.0.7-2ubuntu0.1+esm12.0.7-2ubuntu0.1+esm22.0.7-2ubuntu0.1+esm3

Fixed in:

2.0.7-2ubuntu0.1+esm4

Ubuntu:22.04:LTSruby-rack

Affected versions:

2.1.4-32.1.4-42.1.4-52.1.4-5ubuntu1

Fixed in:

2.1.4-5ubuntu1.1

Ubuntu:Pro:22.04:LTSruby-rack

Affected versions:

2.1.4-32.1.4-42.1.4-52.1.4-5ubuntu12.1.4-5ubuntu1+esm22.1.4-5ubuntu1+esm3

Fixed in:

2.1.4-5ubuntu1+esm4

Ubuntu:24.10ruby-rack

Fixed in:

2.2.7-1

Ubuntu:24.04:LTSruby-rack

Affected versions:

2.2.4-3

Fixed in:

2.2.7-1

Ubuntu:14.04:LTSruby-rack

Affected versions:

1.5.2-11.5.2-1ubuntu0.1~esm11.5.2-3+deb8u3ubuntu1~esm21.5.2-3+deb8u3ubuntu1~esm31.5.2-3+deb8u3ubuntu1~esm41.5.2-3+deb8u3ubuntu1~esm6

Ubuntu:16.04:LTSruby-rack

Affected versions:

1.5.2-41.6.4-21.6.4-31.6.4-3ubuntu0.11.6.4-3ubuntu0.21.6.4-3ubuntu0.2+esm11.6.4-3ubuntu0.2+esm21.6.4-3ubuntu0.2+esm4

Ubuntu:18.04:LTSruby-rack

Affected versions:

1.6.4-41.6.4-4ubuntu0.11.6.4-4ubuntu0.21.6.4-4ubuntu0.2+esm11.6.4-4ubuntu0.2+esm21.6.4-4ubuntu0.2+esm4

Ubuntu:20.04:LTSruby-rack

Affected versions:

2.0.6-32.0.7-22.0.7-2ubuntu0.12.0.7-2ubuntu0.1+esm12.0.7-2ubuntu0.1+esm22.0.7-2ubuntu0.1+esm3

References

REPORThttps://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 REPORThttps://ubuntu.com/security/CVE-2023-27539 REPORThttps://ubuntu.com/security/notices/USN-6689-1 REPORThttps://ubuntu.com/security/notices/USN-6905-1 REPORThttps://ubuntu.com/security/notices/USN-7036-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2023-27539

CVSS Analysis

CVSS v3.1

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

NoneA:N

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2023-27539 USN-6689-1 USN-6905-1 USN-7036-1

Ecosystems

Ubuntu Pro 14.04 LTS Ubuntu Pro 16.04 LTS Ubuntu Pro 18.04 LTS Ubuntu Pro 20.04 LTS Ubuntu 22.04 LTS Ubuntu Pro 22.04 LTS Ubuntu 24.10 Ubuntu 24.04 LTS Ubuntu 14.04 LTS Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu 20.04 LTS

Timeline

PublishedMar 22, 2023

ModifiedJun 3, 2025

UBUNTU-CVE-2023-27539

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline