PT-2021-21349 · Matrix+2 · Matrix+2
Vtriolet
·
Published
2021-07-13
·
Updated
2023-01-20
·
CVE-2021-36773
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
uBlock Origin versions prior to 1.36.2
nMatrix versions prior to 4.4.9
Description
The issue allows crafted web sites to cause a denial of service due to unbounded recursion, which can trigger memory consumption and a loss of all blocking functionality. This is possible because the software supports an arbitrary depth of parameter nesting for strict blocking.
Recommendations
For uBlock Origin versions prior to 1.36.2, update to version 1.36.2 or later to resolve the issue.
For nMatrix versions prior to 4.4.9, update to version 4.4.9 or later to resolve the issue.
As a temporary workaround, consider restricting the depth of parameter nesting for strict blocking to prevent unbounded recursion.
Exploit
Fix
DoS
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Matrix
Ublock Origin