Debian Security Bug TrackerDEBIANCVE:CVE-2022-44572CVE-2022-44572
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
48.3%
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | ruby-rack | <Β 2.2.4-3 | ruby-rack_2.2.4-3_all.deb |
| Debian | 11 | all | ruby-rack | <Β 2.1.4-3+deb11u1 | ruby-rack_2.1.4-3+deb11u1_all.deb |
| Debian | 999 | all | ruby-rack | <Β 2.2.4-3 | ruby-rack_2.2.4-3_all.deb |
| Debian | 13 | all | ruby-rack | <Β 2.2.4-3 | ruby-rack_2.2.4-3_all.deb |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
48.3%