CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

References

Affected packages

Debian:11 / ublock-origin

Package

Name: ublock-origin
Purl: pkg:deb/debian/ublock-origin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0+dfsg-1~deb11u1

Affected versions

1.*

1.33.0+dfsg-1

1.37.0+dfsg-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ublock-origin

Package

Name: ublock-origin
Purl: pkg:deb/debian/ublock-origin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ublock-origin

Package

Name: ublock-origin
Purl: pkg:deb/debian/ublock-origin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gorhill/ublock

Affected ranges

Type: GIT
Repo: https://github.com/gorhill/ublock
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8b5733a58d3acf9fb62815e14699c986bd1c2fdc

Type: GIT
Repo: https://github.com/gorhill/umatrix
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

be3990e24e39f46a22dadb247028bae75621d75d