Description
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that abuse multipart parsing and cause it to take longer than expected.
A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected, resulting in a denial of service.
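To check an application for the affected upstream versions named above, the following added example (not part of the advisory or of Rack itself) scans Gemfile.lock text for the resolved rack gem and compares it with the fixed release on its release line. The function names and the sample lockfile are constructed for illustration, and the handling of release lines outside 2.0 to 3.0 is an assumption noted in the code.

```ruby
require "rubygems" # provides Gem::Version

# First fixed release on each Rack release line, as listed in the advisory.
FIXED_BY_LINE = {
  "3.0" => Gem::Version.new("3.0.4.2"),
  "2.2" => Gem::Version.new("2.2.6.3"),
  "2.1" => Gem::Version.new("2.1.4.3"),
  "2.0" => Gem::Version.new("2.0.9.3"),
}.freeze

# True when an upstream rack gem version predates the fix for its release line.
def rack_multipart_dos_affected?(version_string)
  version = Gem::Version.new(version_string)
  line = version.segments.first(2).join(".")
  fixed = FIXED_BY_LINE[line]
  return version < fixed if fixed
  # Assumption: lines older than 2.0 are unfixed, lines newer than 3.0 include the fix.
  version < FIXED_BY_LINE["2.0"]
end

# Extracts resolved rack versions from Gemfile.lock text. Resolved gems sit at
# exactly four spaces under "specs:"; six-space lines are dependency constraints.
def audit_lockfile(lock_text)
  lock_text.scan(/^ {4}rack \(([^)\s]+)\)/).flatten.map do |v|
    [v, rack_multipart_dos_affected?(v)]
  end
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.6.2)
      rack-test (2.0.2)
        rack (>= 1.3)
      sinatra (3.0.5)
        rack (~> 2.2, >= 2.2.4)
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCK).each do |version, affected|
    puts "rack #{version}: #{affected ? 'AFFECTED, upgrade' : 'ok'}"
  end
end
```

The comparison applies to upstream gem versions only; for the distribution packages in the table below, rely on the listed RHSA errata rather than the version string.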
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel8 | Affected | ||
Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | ||
Red Hat Enterprise Linux 7 | pcs | Out of support scope | ||
Red Hat Storage 3 | rubygem-rack | Affected | ||
Red Hat Enterprise Linux 8 | pcs | Fixed | RHSA-2023:3082 | 16.05.2023 |
Red Hat Enterprise Linux 8.4 Extended Update Support | pcs | Fixed | RHSA-2023:1961 | 25.04.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | pcs | Fixed | RHSA-2023:3403 | 31.05.2023 |
Red Hat Enterprise Linux 9 | pcs | Fixed | RHSA-2023:2652 | 09.05.2023 |
Red Hat Enterprise Linux 9.0 Extended Update Support | pcs | Fixed | RHSA-2023:1981 | 25.04.2023 |
Red Hat Satellite 6.14 for RHEL 8 | rubygem-rack | Fixed | RHSA-2023:6818 | 08.11.2023 |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
Rack has possible DoS Vulnerability in Multipart MIME parsing