CVE-2021-36773

Summary

CVE	CVE-2021-36773
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-07-18 04:15:00 UTC
Updated	2023-01-20 02:12:00 UTC
Description	uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

Risk And Classification

Problem Types: CWE-674

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Sciruby	Nmatrix	All	All	All	All
Application	Ublockorigin	Ublock Origin	All	All	All	All
Application	Umatrix Project	Umatrix	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 3062-1] ublock-origin security update	MLIST	lists.debian.org
uBlock Origin (and uMatrix) DoS with strict-blocking filter and crafted URL \| Hacker News	MISC	news.ycombinator.com
writings/ublock_origin_and_umatrix_denial_of_service.adoc at main · vtriolet/writings · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

179482 Debian Security Update for ublock-origin (CVE-2021-36773)
179975 Debian Security Update for ublock-origin (DLA 3062-1)