DEBIAN-CVE-2023-36617

DEBIAN-CVE-2023-36617 PUBLISHED CVSS 5.300000190734863 MEDIUM

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian:11	ruby2.7	0, 2.7.4-1, *

Timeline

Jun 29, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-36617 advisory

Open in Interactive Console →