CVE-2021-36773
Last modified
CVE-2021-36773 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).. EPSS estimates a 1.26% chance of exploitation in the next 30 days.
Description
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sciruby | Nmatrix | < 4.4.9 |
| Ublockorigin | Ublock Origin | < 1.36.2 |
| Umatrix Project | Umatrix | < 1.4.2 |
| Debian | Debian Linux | 9.0 |
References
- https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adocExploit, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/06/msg00024.htmlMailing List, Third Party Advisory
- https://news.ycombinator.com/item?id=27833752Issue Tracking, Third Party Advisory
- https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adocExploit, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/06/msg00024.htmlMailing List, Third Party Advisory
- https://news.ycombinator.com/item?id=27833752Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-36773?
How severe is CVE-2021-36773?
How do I fix CVE-2021-36773?
Are you affected by CVE-2021-36773?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST