Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-07426

Опубликовано: 07 мая 2025
Источник: fstec
CVSS3: 7.5
CVSS2: 7.8
EPSS Низкий

Описание

Уязвимость интерфейса модуля Rack интерпретатора языка программирования Ruby связана с неконтролируемым расходом ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Вендор

Novell Inc.
Red Hat Inc.
Canonical Ltd.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
Leah Neukirchen

Наименование ПО

OpenSUSE Leap
Red Hat Enterprise Linux
SUSE Linux Enterprise Server for SAP Applications
Ubuntu
Red Hat 3scale API Management Platform
Debian GNU/Linux
РЕД ОС
Suse Linux Enterprise Server
Red Hat Satellite
Logging subsystem for Red Hat OpenShift
Rack

Версия ПО

15.5 (OpenSUSE Leap)
8 (Red Hat Enterprise Linux)
15 SP1 (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
20.04 LTS (Ubuntu)
2 (Red Hat 3scale API Management Platform)
15.3 (OpenSUSE Leap)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
7.3 (РЕД ОС)
15.4 (OpenSUSE Leap)
15 SP3 (Suse Linux Enterprise Server)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
15 SP4 (Suse Linux Enterprise Server)
6 (Red Hat Satellite)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
22.04 LTS (Ubuntu)
9 (Red Hat Enterprise Linux)
15 SP3-LTSS (Suse Linux Enterprise Server)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
8.4 Telecommunications Update Service (Red Hat Enterprise Linux)
8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux)
- (Logging subsystem for Red Hat OpenShift)
8.8 Extended Update Support (Red Hat Enterprise Linux)
9.2 Extended Update Support (Red Hat Enterprise Linux)
15 SP6 (Suse Linux Enterprise Server)
15 SP6 (SUSE Linux Enterprise Server for SAP Applications)
24.04 LTS (Ubuntu)
9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux)
8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux)
8.6 Telecommunications Update Service (Red Hat Enterprise Linux)
7 Extended Lifecycle Support (Red Hat Enterprise Linux)
24.10 (Ubuntu)
6.16 for RHEL 8 (Red Hat Satellite)
6.16 for RHEL 9 (Red Hat Satellite)
9.4 Extended Update Support (Red Hat Enterprise Linux)
15 SP5-LTSS (Suse Linux Enterprise Server)
15 SP7 (Suse Linux Enterprise Server)
15 SP7 (SUSE Linux Enterprise Server for SAP Applications)
25.04 (Ubuntu)
10 (Red Hat Enterprise Linux)
15 SP4 LTSS (Suse Linux Enterprise Server)
до 2.2.14 (Rack)
до 3.0.16 (Rack)
до 3.1.14 (Rack)

Тип ПО

Операционная система
Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

Novell Inc. OpenSUSE Leap 15.5
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Canonical Ltd. Ubuntu 20.04 LTS
Novell Inc. OpenSUSE Leap 15.3
Сообщество свободного программного обеспечения Debian GNU/Linux 11
Сообщество свободного программного обеспечения Debian GNU/Linux 12
ООО «Ред Софт» РЕД ОС 7.3
Novell Inc. OpenSUSE Leap 15.4
Novell Inc. Suse Linux Enterprise Server 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
Novell Inc. Suse Linux Enterprise Server 15 SP4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Canonical Ltd. Ubuntu 22.04 LTS
Red Hat Inc. Red Hat Enterprise Linux 9
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Red Hat Inc. Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Red Hat Inc. Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 9.2 Extended Update Support
Novell Inc. Suse Linux Enterprise Server 15 SP6
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6
Canonical Ltd. Ubuntu 24.04 LTS
Red Hat Inc. Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Red Hat Inc. Red Hat Enterprise Linux 7 Extended Lifecycle Support
Canonical Ltd. Ubuntu 24.10
Red Hat Inc. Red Hat Enterprise Linux 9.4 Extended Update Support
Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP7
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP7
Canonical Ltd. Ubuntu 25.04
Red Hat Inc. Red Hat Enterprise Linux 10
Novell Inc. Suse Linux Enterprise Server 15 SP4 LTSS

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 7,8)
Высокий уровень опасности (базовая оценка CVSS 3.1 составляет 7,5)

Возможные меры по устранению уязвимости

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Rack:
https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2025-46727
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2025-46727
Для Ubuntu:
https://ubuntu.com/security/CVE-2025-46727
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2025-46727.html

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 56%
0.00336
Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Связанные уязвимости

CVSS3: 7.5
ubuntu
3 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix...

CVSS3: 7.5
redhat
3 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix...

CVSS3: 7.5
nvd
3 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix th

CVSS3: 7.5
debian
3 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, ...

CVSS3: 7.5
github
3 месяца назад

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

EPSS

Процентиль: 56%
0.00336
Низкий

7.5 High

CVSS3

7.8 High

CVSS2