Ubuntu.comUB:CVE-2022-44571CVE-2022-44571
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
41.6%
There is a denial of service vulnerability in the Content-Disposition
parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This
could allow an attacker to craft an input that can cause
Content-Disposition header parsing in Rackto take an unexpected amount of
time, possibly resulting in a denial ofservice attack vector. This header
is used typically used in multipartparsing. Any applications that parse
multipart posts using Rack (virtuallyall Rails applications) are impacted.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | ruby-rack | < 1.6.4-4ubuntu0.2+esm4 | UNKNOWN |
| ubuntu | 20.04 | noarch | ruby-rack | < 2.0.7-2ubuntu0.1+esm3 | UNKNOWN |
| ubuntu | 22.04 | noarch | ruby-rack | < 2.1.4-5ubuntu1+esm3 | UNKNOWN |
| ubuntu | 14.04 | noarch | ruby-rack | < 1.5.2-3+deb8u3ubuntu1~esm6 | UNKNOWN |
| ubuntu | 16.04 | noarch | ruby-rack | < 1.6.4-3ubuntu0.2+esm4 | UNKNOWN |
References
github.com/rack/rack/commit/4e33ad10bf5f16d25c156f905bcc548e7f787bc3 (v2.0.9.2)
github.com/rack/rack/commit/9b5fb5c7ef0e39b959a6c5c0005d9af44a29d6f8 (v2.1.4.2)
github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77 (v2.2.6.1)
launchpad.net/bugs/cve/CVE-2022-44571
nvd.nist.gov/vuln/detail/CVE-2022-44571
security-tracker.debian.org/tracker/CVE-2022-44571
ubuntu.com/security/notices/USN-5910-1
www.cve.org/CVERecord?id=CVE-2022-44571
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
41.6%