CVE-2021-36773
HIGHnMatrix < 4.4.9 - Denial of Service via Unbounded Recursion in Strict Blocking
Title source: llmDescription
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://news.ycombinator.com/item?id=27833752
Exploit, Third Party Advisory x_refsource_misc
https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/06/msg00024.html
Scores
CVSS v3
7.5
EPSS
0.0126
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-674
Status
published
Products (4)
debian/debian_linux
9.0
sciruby/nmatrix
< 4.4.9
ublockorigin/ublock_origin
< 1.36.2
umatrix_project/umatrix
< 1.4.2
Published
Jul 18, 2021
Tracked Since
Feb 18, 2026