CVE-2024-47889
Denial of Service (DoS) vulnerability in actionmailer (RubyGems)


What is CVE-2024-47889 About?

This vulnerability is a Regular Expression Denial of Service (ReDoS) in the 'block_format' helper of Action Mailer. Carefully crafted text can cause the helper to take an unexpectedly long time to process it, leading to a Denial of Service. Exploitation is remote and unauthenticated, making it an accessible attack vector for disrupting service.

Affected Software

  • actionmailer
    • >=3.0.0, <6.1.7.9
    • >=7.0.0, <7.0.8.5
    • >=7.1.0, <7.1.4.1
    • >=7.2.0, <7.2.1.1

Technical Details

The vulnerability, CVE-2024-47889, is a ReDoS issue in the 'block_format' helper within Action Mailer. This helper, responsible for formatting text, uses a regular expression that is susceptible to catastrophic backtracking. An attacker can craft input text that, when matched against the problematic regular expression, causes the engine to become extremely inefficient: the time and CPU needed to evaluate the expression grow exponentially with the input. The prolonged processing of a single crafted request can consume all available resources of the server, preventing the application from responding to other legitimate requests and leading to a Denial of Service condition. Ruby versions 3.2 or newer contain mitigations for this problem in the regular expression engine, so applications running on those versions are unaffected.

What is the Impact of CVE-2024-47889?

Successful exploitation may allow attackers to consume excessive system resources, leading to a denial of service and making the application unavailable to legitimate users.

What is the Exploitability of CVE-2024-47889?

Exploitation of this vulnerability is remote and does not require authentication or special privileges. An attacker needs to deliver carefully crafted text input to the 'block_format' helper in Action Mailer. Delivery would typically involve sending an email or triggering text formatting via an application interface that uses this helper. The complexity lies in creating a text payload that reliably triggers catastrophic backtracking. A key prerequisite is that the application is running on a Ruby version older than 3.2.0. The lack of authentication and the remote accessibility increase the likelihood of exploitation against vulnerable systems.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2024-47889?

Available Upgrade Options

  • actionmailer
    • >=3.0.0, <6.1.7.9 → Upgrade to 6.1.7.9
    • >=7.0.0, <7.0.8.5 → Upgrade to 7.0.8.5
    • >=7.1.0, <7.1.4.1 → Upgrade to 7.1.4.1
    • >=7.2.0, <7.2.1.1 → Upgrade to 7.2.1.1
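As an added example (not code from Rails or from this advisory's author), the following Ruby script turns the affected ranges above and the Ruby 3.2 mitigation noted under Technical Details into a dependency check: it reads the actionmailer pin from a Gemfile.lock, reports whether the gem is in an affected range, which version to upgrade to, and whether the interpreter version already mitigates the issue. It assumes the standard Bundler lockfile layout and uses only Ruby's built-in RubyGems version classes.

```ruby
require "rubygems" # Gem::Version / Gem::Requirement ship with Ruby

# Affected ranges and their fix versions, taken from the advisory above.
AFFECTED_RANGES = [
  { req: Gem::Requirement.new(">= 3.0.0", "< 6.1.7.9"), fix: "6.1.7.9" },
  { req: Gem::Requirement.new(">= 7.0.0", "< 7.0.8.5"), fix: "7.0.8.5" },
  { req: Gem::Requirement.new(">= 7.1.0", "< 7.1.4.1"), fix: "7.1.4.1" },
  { req: Gem::Requirement.new(">= 7.2.0", "< 7.2.1.1"), fix: "7.2.1.1" },
].freeze

# Ruby 3.2.0 and newer contain regexp engine mitigations, per the advisory.
RUBY_MITIGATION = Gem::Requirement.new(">= 3.2.0")

# Returns the upgrade target for an affected actionmailer version, or nil
# when the version lies outside every affected range.
def actionmailer_fix_for(version)
  v = Gem::Version.new(version)
  entry = AFFECTED_RANGES.find { |r| r[:req].satisfied_by?(v) }
  entry && entry[:fix]
end

# Overall exposure: the gem must be in an affected range AND the interpreter
# must lack the 3.2+ mitigation. Returns a hash describing the finding.
def assess(actionmailer_version:, ruby_version:)
  fix = actionmailer_fix_for(actionmailer_version)
  mitigated = RUBY_MITIGATION.satisfied_by?(Gem::Version.new(ruby_version))
  {
    gem_affected: !fix.nil?,
    ruby_mitigated: mitigated,
    exposed: !fix.nil? && !mitigated,
    upgrade_to: fix,
  }
end

# Extracts the actionmailer pin from the "specs:" block of a Gemfile.lock.
# Assumes Bundler's layout: spec lines are indented by exactly four spaces
# ("    actionmailer (7.1.4.0)"); dependency lines are indented deeper.
def actionmailer_version_from_lockfile(lockfile_text)
  m = lockfile_text.match(/^\s{4}actionmailer \(([^)]+)\)$/)
  m && m[1]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample lockfile fragment, not taken from a real project.
  sample_lock = "GEM\n  specs:\n    actionmailer (7.1.4.0)\n    actionpack (7.1.4.0)\n"
  ver = actionmailer_version_from_lockfile(sample_lock)
  puts assess(actionmailer_version: ver, ruby_version: RUBY_VERSION).inspect
end
```

Note that a lockfile may pin a version that falls between the listed ranges (for example a 6.x release at or above 6.1.7.9); the script reports those as not affected, exactly as the advisory's ranges do.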


Additional Resources

What are Similar Vulnerabilities to CVE-2024-47889?

Similar Vulnerabilities: CVE-2023-22795, CVE-2022-37454, CVE-2021-43818, CVE-2020-8116, CVE-2020-13936