[DRE-maint] Bug#960064: ruby-mail: DoS on excessive or deeply nested parts
Ruby mail user
nightmare at bogomips.org
Fri May 8 23:07:10 BST 2020
Package: ruby-mail
Severity: important
Tags: upstream, security
Messages with too many tiny MIME parts can OOM on split().
Messages with many nested MIME parts can also OOM (not sure
about recursion).
Upstream is responsive and working on a fix.
Small messages can generate these, since the a boundary
only needs to be 4 bytes "--a\n" and the header+body of
each part can just be 4 bytes "x:y\n\n", too.
Ruby needs 40 bytes to represent a 4 byte string on 64-bit:
This affects many other MIME parsers, too.
More information about the Pkg-ruby-extras-maintainers
mailing list