Potential Denial-of-Service in bindata

2021-06-2323:42:04

Google

osv.dev

0.002 Low

EPSS

Percentile

61.0%

JSON

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10, bindata improved the creation time of Bits and Integers.

CPENameOperatorVersion
bindataeq1.6.0
bindataeq1.4.1
bindataeq2.4.4
bindataeq0.9.3
bindataeq1.8.2
bindataeq2.0.0
bindataeq2.3.3
bindataeq2.4.7
bindataeq0.7.0
bindataeq0.8.0