PT-2021-4288 · Ruby +2 · Bindata +2

Kuahyeow · Published 2021-05-18 · Updated 2024-08-21 · CVE-2021-32823

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: bindata RubyGem versions prior to 2.4.10

Description: The issue is a potential denial-of-service vulnerability in the bindata RubyGem. In affected versions, creating certain BinData classes is very slow, for example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, and in general BinData::Bit<N> for large N. When a class name derived from user input is resolved with <user input>.constantize, this slow class creation can be triggered on demand, giving a potential CPU-based denial-of-service attack. This vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations: For bindata RubyGem versions prior to 2.4.10, update to version 2.4.10 or later, which improves the creation time of Bits and Integers and addresses the potential denial-of-service vulnerability. As a temporary workaround, consider restricting the use of the vulnerable classes, such as BinData::Bit<N>, to minimize the risk of exploitation. Additionally, avoid using the <user input>.constantize method in combination with these classes until the issue is resolved.
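The following is an added example illustrating the workaround above; it is not code from the advisory or from the bindata project. It replaces `<user input>.constantize` with an allowlist of fixed-size type names plus a bounded bit width, so that caller-supplied input can never select a `BinData::Bit<N>` class with an arbitrarily large N. The function names, the allowlist contents and the 64-bit cap are assumptions chosen for the example; the `Bit<N>`, `Sbit<N>` and `...le` naming follows the BinData class names the advisory refers to.

```ruby
# Added example (not part of the advisory or the bindata project): a
# defensive type lookup that never calls constantize on raw input.
# Names, the allowlist and the 64-bit default cap are assumptions.

# Fixed-size BinData type names we are willing to instantiate from input
# (assumed allowlist; restrict it to what your own format actually needs).
ALLOWED_FIXED_TYPES = %w[
  Uint8 Int8 Uint16 Uint32 Uint64 Uint16be Uint16le Uint32be Uint32le String
].freeze

# Pattern for the parameterised bit-field classes, e.g. "Bit12" or "Sbit7le".
# Leading zeros are rejected so the width is parsed unambiguously.
BIT_TYPE_RE = /\A(?<kind>Bit|Sbit)(?<width>[1-9]\d*)(?<endian>le)?\z/

# Validate a caller-supplied type name. Returns the bare class name (without
# the BinData:: prefix) when it is acceptable, or nil when it must be rejected.
def validate_bindata_type_name(name, max_bits: 64)
  return nil unless name.is_a?(String)

  bare = name.sub(/\ABinData::/, "")
  # Anything with a further namespace separator is not a BinData leaf type,
  # and must never reach const_get.
  return nil if bare.include?("::")
  return bare if ALLOWED_FIXED_TYPES.include?(bare)

  m = BIT_TYPE_RE.match(bare)
  return nil unless m

  width = Integer(m[:width], 10)
  # This check closes the DoS path: refuse bit widths beyond the cap, so
  # Bit100000-style names are rejected before any class is created.
  return nil if width > max_bits

  bare
end

# Resolve a validated name to its class. Returns nil if the name is rejected
# or if the bindata gem (assumed to be optionally loaded) is not available,
# so the lookup can be exercised without the gem installed.
def resolve_bindata_type(name, max_bits: 64)
  bare = validate_bindata_type_name(name, max_bits: max_bits)
  return nil if bare.nil?
  return nil unless defined?(BinData)

  BinData.const_get(bare, false)
rescue NameError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: two acceptable names, one oversized width,
  # one non-BinData constant and one signed little-endian bit field.
  %w[BinData::Uint8 BinData::Bit12 BinData::Bit100000 Kernel BinData::Sbit7le].each do |n|
    verdict = validate_bindata_type_name(n) ? "accepted" : "rejected"
    puts "#{n.ljust(22)} #{verdict}"
  end
end
```

The cap is deliberately small: widths that a real wire format needs are rarely more than 64 bits, and any value above it is treated as hostile input rather than as a type to construct. Keep the allowlist to the leaf types your parser genuinely uses; the point is that the set of reachable classes is fixed by code, not by the request.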

Tags: Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2021-04897
BIT-GITLAB-2021-32823
CVE-2021-32823
GHSA-HJ56-84JW-67H6

Affected Products

Debian
Gitlab
Bindata