Lucene search
K

6 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser could accumulate unbounded data when the header block of a multipart part never ended with the required blank line CRLFCRLF. The parser continuously stored incoming bytes in memory...

7.5CVSS5.7AI score0.00868EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/05/13 10:42 p.m.33 views

curl: HTTP/2 proxy CONNECT tunnel unbounded 1xx chain (missing Curl_bump_headersize cap in cf-h2-proxy.c)

A malicious HTTPS-on-HTTP/2 proxy can grow a libcurl client's resident set without bound during the CONNECT phase by streaming 1xx informational responses. The CVE-2023-38039 cap MAXHTTPRESPHEADERSIZE, 300 KiB, enforced through Curlbumpheadersize is not applied on the HTTP/2 proxy path. The HTTP/...

7.5CVSS6.6AI score0.62246EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005324)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005324 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart...

7.5CVSS8.3AI score0.00868EPSS
Exploits0References4
NVD
NVD
added 2025/10/07 3:16 p.m.2 views

CVE-2025-61772

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...

7.5CVSS0.00868EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/10/07 3:2 p.m.4 views

CVE-2025-61772

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...

7.5CVSS5.8AI score0.00868EPSS
Exploits0
RubySec
RubySec
added 2025/10/07 12:0 a.m.10 views

Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of...

7.5CVSS7AI score0.00868EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder