4 matches found
Astra Linux - уязвимость в ruby-rack
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser could accumulate unbounded data when the header block of a multipart part never ended with the required blank line CRLFCRLF. The parser continuously stored incoming bytes in memory...
CVE-2025-61772 Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...
CVE-2025-61772
Rack’s CVE-2025-61772 affects Rack::Multipart::Parser, which can accumulate unbounded per-part headers if a multipart part header never ends with a blank line. This leads to memory exhaustion and DoS on affected versions prior to 2.2.19, 3.1.17, and 3.2.2. The fix caps per-part header size (e.g.,...
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
Summary Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of...