PT-2023-8904 · Ruby+10

Tenderlove · Published 2023-03-15 · Updated 2026-03-13 · CVE-2023-27539

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Rack versions 2.0.0 through 2.2.6.3
Rack versions 3.0.0 through 3.0.6.0

Description
The vulnerability lies in Rack's header parsing component. Carefully crafted input can make header parsing take an unexpected amount of time, and because that input can be supplied remotely, an attacker can use it to cause a denial of service.

Recommendations
For Rack versions 2.0.0 through 2.2.6.3, update to version 2.2.6.4 or later. For Rack versions 3.0.0 through 3.0.6.0, update to version 3.0.6.1 or later. As a temporary workaround, consider setting Regexp.timeout in Ruby 3.2 to mitigate the risk of exploitation.
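The Regexp.timeout workaround from the recommendations, as an added example that is not Rack's own code: a process-wide default, a hypothetical Rack-style middleware that turns Regexp::TimeoutError into a fast 400, and a tighter per-regexp budget for a parser exposed to untrusted input. It assumes Ruby 3.2 or later; RegexpTimeoutGuard and bounded_match are invented names and the rack gem is not required.

```ruby
# Added example, not Rack's own code: the Regexp.timeout workaround from the
# recommendations, wired into a Rack-style app. Requires Ruby 3.2 or later,
# where Regexp.timeout and Regexp::TimeoutError exist. The rack gem is not
# needed; RegexpTimeoutGuard and bounded_match are hypothetical names.

# Process-wide default, set once at boot (config.ru or an initializer). Any
# regexp compiled without its own timeout raises Regexp::TimeoutError once a
# single match has run this long, instead of running to completion.
Regexp.timeout = 1.0

# Hypothetical middleware: the exception becomes an immediate 400 for the
# offending request, so the worker is released and other clients proceed.
class RegexpTimeoutGuard
  def initialize(app)
    @app = app
  end

  def call(env)
    @app.call(env)
  rescue Regexp::TimeoutError => e
    # Log enough to spot a run of such requests without echoing their content.
    warn "regexp timeout on #{env['REQUEST_METHOD']} #{env['PATH_INFO']}: #{e.message}"
    [400, { "content-type" => "text/plain" }, ["Bad Request\n"]]
  end
end

# Tighter per-regexp budget for a parser that sees attacker-controlled input.
# A regexp constructed with its own timeout: keyword overrides the global value.
def bounded_match(source, input, seconds: 0.1)
  Regexp.new(source, timeout: seconds).match(input)
rescue Regexp::TimeoutError
  :timeout
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: an ordinary cookie-style "name=value" header.
  m = bounded_match('\A([^=;\s]+)=([^;]*)', "session=abc123; Path=/")
  puts "#{m[1]} => #{m[2]}" unless m == :timeout
end
```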

Exploit · Fix · DoS

Related Identifiers

ALSA-2023:2652
ALSA-2023:3082
BDU:2024-02582
CESA-2023_3082
CVE-2023-27539
DLA-3392-1
DSA-5530-1
GHSA-C6QG-CJJ8-47QP
MGASA-2024-0042
OPENSUSE-SU-2024:12789-1
OPENSUSE-SU-2024:12805-1
OPENSUSE-SU-2024:13726-1
OPENSUSE-SU-2024:13727-1
OPENSUSE-SU-2025:14811-1
OPENSUSE-SU-2025:14875-1
OPENSUSE-SU-2026:10286-1
OPENSUSE-SU-2026:10358-1
RHSA-2023:1961
RHSA-2023:1981
RHSA-2023:2652
RHSA-2023:3082
RHSA-2023:3403
RHSA-2023:6818
RLSA-2023:2652
RLSA-2023:3082
RLSA-2023:6818
SUSE-SU-2023:1685-1
SUSE-SU-2023:1869-1
USN-6689-1
USN-6905-1
USN-7036-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Mint
Rack
Red Hat
RED OS
Rocky Linux
Ruby
SUSE
Ubuntu