Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-44570

Опубликовано: 09 фев. 2023
Источник: debian
EPSS Низкий

Описание

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby-rackfixed2.2.4-3package

Примечания

  • https://github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (v2.0.9.2)

  • https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 (v2.1.4.2)

  • https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1 (v2.2.6.2)

EPSS

Процентиль: 84%
0.02366
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-44570

CVSS3: 7.5
ubuntu
больше 2 лет назад

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

redhat логотип

CVE-2022-44570

CVSS3: 7.5
redhat
больше 2 лет назад

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

nvd логотип

CVE-2022-44570

CVSS3: 7.5
nvd
больше 2 лет назад

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

github логотип

GHSA-65f5-mfpf-vfhj

CVSS3: 7.5
github
больше 2 лет назад

Denial of service via header parsing in Rack

fstec логотип

BDU:2024-02579

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость компонента анализа заголовка Range модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 84%
0.02366
Низкий