Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-44572

Опубликовано: 20 янв. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

A flaw was found in rubygem-rack. Rack is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the multipart parsing component. By sending a specially-crafted input, a remote attacker can cause a denial of service.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1333
https://bugzilla.redhat.com/show_bug.cgi?id=2164722rubygem-rack: denial of service in Content-Disposition parsing

EPSS

Процентиль: 48%
0.0025
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-44572

CVSS3: 7.5
ubuntu
больше 2 лет назад

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

nvd логотип

CVE-2022-44572

CVSS3: 7.5
nvd
больше 2 лет назад

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

debian логотип

CVE-2022-44572

CVSS3: 7.5
debian
больше 2 лет назад

A denial of service vulnerability in the multipart parsing component o ...

github логотип

GHSA-rqv2-275x-2jq5

github
больше 2 лет назад

Denial of service via multipart parsing in Rack

fstec логотип

BDU:2024-02581

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость компонента анализа Range модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 48%
0.0025
Низкий

7.5 High

CVSS3