Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-22796
HistoryFeb 09, 2023 - 12:00 a.m.

CVE-2023-22796

2023-02-0900:00:00
ubuntu.com
ubuntu.com
7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and
<7.0.4.1. A specially crafted string passed to the underscore method can
cause the regular expression engine to enter a state of catastrophic
backtracking. This can cause the process to use large amounts of CPU and
memory, leading to a possible DoS vulnerability.

Notes

Author Note
seth-arnold In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%