Vulnerability details: VCID-teq8-nqhf-xbbq
Vulnerability ID VCID-teq8-nqhf-xbbq
Aliases CVE-2013-0183
GHSA-3pxh-h8hw-mj8w
OSV-89320
Summary Improper Restriction of Operations within the Bounds of a Memory Buffer. multipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
generic_textual MODERATE http://rack.github.com
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0544.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0548.html
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2013:0544
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2013-0183
epss 0.01824 https://api.first.org/data/v1/epss?cve=CVE-2013-0183
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=895282
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3pxh-h8hw-mj8w
generic_textual MODERATE https://github.com/rack/rack
generic_textual MODERATE https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff
generic_textual MODERATE https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml
generic_textual MODERATE https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs
generic_textual MODERATE https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI
generic_textual MODERATE https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs
generic_textual MODERATE https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-0183
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-0183
generic_textual MODERATE http://www.debian.org/security/2013/dsa-2783
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
http://rack.github.com
http://rack.github.com/
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://rhn.redhat.com/errata/RHSA-2013-0548.html
https://access.redhat.com/errata/RHSA-2013:0544
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0183.json
https://access.redhat.com/security/cve/CVE-2013-0183
https://api.first.org/data/v1/epss?cve=CVE-2013-0183
https://bugzilla.redhat.com/show_bug.cgi?id=895282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0183
https://github.com/rack/rack
https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff
https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml
https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs
https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI
https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs
https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI
http://www.debian.org/security/2013/dsa-2783
698440 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440
cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*
CVE-2013-0183 https://nvd.nist.gov/vuln/detail/CVE-2013-0183
GHSA-3pxh-h8hw-mj8w https://github.com/advisories/GHSA-3pxh-h8hw-mj8w
GLSA-201405-10 https://security.gentoo.org/glsa/201405-10
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-0183
Exploit Prediction Scoring System (EPSS)
Percentile 0.82816
EPSS Score 0.01824
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:48.422117+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack/CVE-2013-0183.yml 38.0.0