Description
There is a denial of service vulnerability in the header parsing component of Rack.
A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service.
Mitigation
Setting Regexp.timeout in Ruby 3.2 is a possible workaround.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Affected | | |
Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | | |
Red Hat Enterprise Linux 7 | pcs | Not affected | | |
Red Hat Storage 3 | rubygem-rack | Affected | | |
Red Hat Enterprise Linux 8 | pcs | Fixed | RHSA-2023:3082 | 16.05.2023 |
Red Hat Enterprise Linux 8.4 Extended Update Support | pcs | Fixed | RHSA-2023:1961 | 25.04.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | pcs | Fixed | RHSA-2023:3403 | 31.05.2023 |
Red Hat Enterprise Linux 9 | pcs | Fixed | RHSA-2023:2652 | 09.05.2023 |
Red Hat Enterprise Linux 9.0 Extended Update Support | pcs | Fixed | RHSA-2023:1981 | 25.04.2023 |
Red Hat Satellite 6.14 for RHEL 8 | rubygem-rack | Fixed | RHSA-2023:6818 | 08.11.2023 |
Source links
Additional information
Status: Moderate
Weakness: CWE-1333
https://bugzilla.redhat.com/show_bug.cgi?id=2179649 rubygem-rack: denial of service in header parsing
EPSS: 0.00226 (Low), percentile: 45%
CVSS3: 5.3 Medium
Related vulnerabilities
CVSS3: 5.3
ubuntu
6 months ago
There is a denial of service vulnerability in the header parsing component of Rack.
CVSS3: 5.3
nvd
6 months ago
There is a denial of service vulnerability in the header parsing component of Rack.
CVSS3: 5.3
debian
6 months ago
There is a denial of service vulnerability in the header parsing compo ...
github
more than 2 years ago
Possible Denial of Service Vulnerability in Rack's header parsing