Home > Vulnerability Database > CVE-2023-36461

Mend.io Vulnerability Database

CVE-2023-36461

Good to know:

Date: July 6, 2023

Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.

Language: Ruby

Severity Score

7.5

Related Resources (8)

Url: http://www.openwall.com/lists/oss-security/2023/07/06/7

Url: https://github.com/mastodon/mastodon/commit/c5929798bf7e56cc2c79b15bed0c4692ded3dcb6

Url: https://github.com/mastodon/mastodon/security/advisories/GHSA-9pxv-6qvf-pjwc

Url: https://github.com/mastodon/mastodon/releases/tag/v4.0.5

Url: https://github.com/mastodon/mastodon/releases/tag/v4.1.3

Url: https://github.com/mastodon/mastodon/releases/tag/v3.5.9

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-36461

Url: https://www.mend.io/vulnerability-database/CVE-2023-36461

Severity Score

7.5

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version v3.5.9,v4.0.5,v4.1.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-36461

Good to know:

Date: July 6, 2023

Language: Ruby

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?