CVE-2021-36773

Exploit

EPSS 1.51%
Published 18.07.2021 04:15:08
Last modified 21.11.2024 06:14:04
Source cve@mitre.org
Teams watchlist Login
Open Login

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Sciruby ≫ Nmatrix Version < 4.4.9

Ublockorigin ≫ Ublock Origin Version < 1.36.2

Umatrix Project ≫ Umatrix Version < 1.4.2

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.51%	0.806

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc

Third Party Advisory

Exploit

https://lists.debian.org/debian-lts-announce/2022/06/msg00024.html

Third Party Advisory

Mailing List

https://news.ycombinator.com/item?id=27833752

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-36773

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-36773

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-36773

EUVD