Allocation of Resources Without Limits or Throttling Affecting rmt-server package, versions <2.13-150100.3.45.1
Threat Intelligence
EPSS: 0.09% (38th percentile)
- Snyk ID SNYK-SLES151-RMTSERVER-5603202
- published 26 May 2023
- disclosed 25 May 2023
Introduced: 25 May 2023
CVE-2023-27530
How to fix?
Upgrade SLES:15.1 rmt-server to version 2.13-150100.3.45.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rmt-server package and not the rmt-server package as distributed by SLES.
See How to fix? for SLES:15.1 relevant fixed versions and status.
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
References
- https://www.suse.com/security/cve/CVE-2023-27530.html
- https://bugzilla.suse.com/1209095
- https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
- https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
- https://www.debian.org/security/2023/dsa-5530
- https://security.netapp.com/advisory/ntap-20231208-0015/
CVSS Scores
version 3.1