Lucene search

[email protected]CVE-2021-36773

HistoryJul 18, 2021 - 4:15 a.m.

CVE-2021-36773

2021-07-1804:15:00

CWE-674

[email protected]

web.nvd.nist.gov

cve-2021-36773

ublock origin

nmatrix

arbitrary depth

parameter nesting

denial of service

memory consumption

blocking functionality

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.5%

JSON

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

CPENameOperatorVersion
sciruby:nmatrixsciruby nmatrixlt4.4.9
ublockorigin:ublock_originublockorigin ublock originlt1.36.2
umatrix_project:umatrixumatrix project umatrixlt1.4.2
debian:debian_linuxdebian debian linuxeq9.0

CPE	Name	Operator	Version
sciruby:nmatrix	sciruby nmatrix	lt	4.4.9
ublockorigin:ublock_origin	ublockorigin ublock origin	lt	1.36.2
umatrix_project:umatrix	umatrix project umatrix	lt	1.4.2
debian:debian_linux	debian debian linux	eq	9.0