CVE-2021-32823

Published
View on NVD ↗
CVSS v3
3.7
LOW
CVSS v2
4.3
MEDIUM
Affected
3
PROJECTS

Description

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.

rubysec/ruby-advisory-db
rubysec/ruby-advisory-db
A database of vulnerable Ruby Gems
GitHubGitHub
1.06K
bindata
bindata
BinData is a declarative way to read and write binary file formats. This means the programmer specifies *what* the format of the binary data is, and BinData works out *how* to read and write data in this format. It is an easier ( and more readable ) alternative to ruby's #pack and #unpack methods.
RubyGemsRubyGems
134M
dmendel/bindata
dmendel/bindata
BinData - Reading and Writing Binary Data in Ruby
GitHubGitHub
638