CVE-2021-32823

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-32823
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32823.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32823
Aliases
Downstream
Published
2021-06-24T00:15:08.103Z
Modified
2026-04-10T04:33:56.382108Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.

References

Affected packages

Git / github.com/dmendel/bindata

Affected ranges

Type
GIT
Repo
https://github.com/dmendel/bindata
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
de567f8cbdc6db612b51fe27eddf4c358548ce08
Fixed
d99f050b88337559be2cb35906c1f8da49531323
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.10"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3b13818e8330f68625d80d9bf5d8049c41fbe197
Fixed
7327f6c9bf4fa71bc518992f995cc7648c102c07
Introduced
3b13818e8330f68625d80d9bf5d8049c41fbe197
Fixed
7327f6c9bf4fa71bc518992f995cc7648c102c07
Introduced
47f41a4a74f364c731aafd34a93bddb630f62230
Fixed
d6e2cf8d41eceec30c20b921d9779bbd539ae594
Introduced
47f41a4a74f364c731aafd34a93bddb630f62230
Fixed
d6e2cf8d41eceec30c20b921d9779bbd539ae594
Introduced
12a3ec8fb4a540576b2d47247bc86ea7e2c7565b
Fixed
865a93b831bfcc63d49d6f2d14ccfafe216e4a99
Introduced
12a3ec8fb4a540576b2d47247bc86ea7e2c7565b
Fixed
865a93b831bfcc63d49d6f2d14ccfafe216e4a99
Database specific 
{
    "versions": [
        {
            "introduced": "12.0"
        },
        {
            "fixed": "13.10.5"
        },
        {
            "introduced": "12.0"
        },
        {
            "fixed": "13.10.5"
        },
        {
            "introduced": "13.11.0"
        },
        {
            "fixed": "13.11.5"
        },
        {
            "introduced": "13.11.0"
        },
        {
            "fixed": "13.11.5"
        },
        {
            "introduced": "13.12.0"
        },
        {
            "fixed": "13.12.2"
        },
        {
            "introduced": "13.12.0"
        },
        {
            "fixed": "13.12.2"
        }
    ]
}

Affected versions

1.*
1.5.0
v1.*
v1.5.1
v1.6.0
v1.8.0
v13.*
v13.11.0-ee
v13.11.1-ee
v13.11.3-ee
v13.11.4-ee
v13.12.0-ee
v13.12.1-ee
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32823.json"