FreeBSD VuXML: 95176BA5-9796-11ED-BFBF-080027F5FEC9
Jan 17, 2023 - 12:00 a.m.

rack -- Multiple vulnerabilities

2023-01-17 00:00:00
vuxml.freebsd.org

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 41.1%

Aaron Patterson reports:

CVE-2022-44570

      Carefully crafted input can cause the Range header
      parsing component in Rack to take an unexpected amount
      of time, possibly resulting in a denial of service
      attack vector. Any applications that deal with Range
      requests (such as streaming applications, or
      applications that serve files) may be impacted.

CVE-2022-44571

      Carefully crafted input can cause Content-Disposition
      header parsing in Rack to take an unexpected amount of
      time, possibly resulting in a denial of service attack
      vector. This header is typically used in multipart
      parsing. Any applications that parse multipart posts
      using Rack (virtually all Rails applications) are
      impacted.

CVE-2022-44572

      Carefully crafted input can cause RFC2183 multipart
      boundary parsing in Rack to take an unexpected amount of
      time, possibly resulting in a denial of service attack
      vector. Any applications that parse multipart posts
      using Rack (virtually all Rails applications) are
      impacted.

OS       Version  Architecture  Package         Version       Filename
FreeBSD  any      noarch        rubygem-rack    < 3.0.4.1,3   UNKNOWN
FreeBSD  any      noarch        rubygem-rack22  < 2.2.6.2,3   UNKNOWN
FreeBSD  any      noarch        rubygem-rack16  < 1.6.14      UNKNOWN
