19 matches found
SUSE-SU-2026:1745-1 Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.27. Security issues fixed: - CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can le...
rubygem-rack: Possible DoS Vulnerability with Range Header in Rack
A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses the Range header. Carefully crafted range headers can cause a server to respond with an unexpectedly large response. Responding with large responses could lead to a denial of service issue...
Medium: pcs
Issue Overview: A Denial of Service (DoS) vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability. CVE-2024-25126 A Denia...
Internet Bug Bounty: [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing
A denial of service vulnerability was discovered in the Range header parsing component of Rack. This vulnerability could be exploited by sending carefully crafted input to the Range header, causing the parsing component to consume an unexpected amount of time and potentially leading to a denial o...
Mageia: Security Advisory (MGASA-2023-0106)
The remote host is missing an update for the...
MGASA-2023-0106 Updated ruby-rack packages fix security vulnerability
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
Updated ruby-rack packages fix security vulnerability
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Rack vulnerabilities (USN-5910-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5910-1 advisory. It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which...
CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
Denial of service
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
CVE-2022-44570
CVE-2022-44570 concerns a denial-of-service vulnerability in Rack’s Range header parsing for Rack versions >= 1.5.0. A carefully crafted input to the Range header can cause the parsing component to consume an unusually long amount of time, potentially enabling a DoS condition, affecting applic...
CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2023:0276-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0276-1 advisory. - A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input...
Regular Expression Denial Of Service (ReDoS)
rack is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The vulnerability exists in the Range header parsing component of the library, which allows an attacker to significantly slow down the processing via passing a carefully crafted input...
Denial of service via header parsing in Rack
There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570. Versions Affected: >= 1.5.0. Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.4.1. Impact: Carefully crafted inp...
CVE-2021-38614
Polipo up to version 1.1.1 is affected: when NDEBUG is defined, parsing a Range header can trigger a heap-based buffer overflow. The issue is tied to Polipo’s handling of Range headers and is noted in multiple sources as applicable to products that are no longer supported by the maintainer. Conne...
PT-2021-22246 · Polipo · Polipo
Name of the Vulnerable Software and Affected Versions: Polipo versions 1.1.1 and earlier Description: The issue allows a heap-based buffer overflow during parsing of a Range header when NDEBUG is used. This only affects products that are no longer supported by the maintainer. Recommendations: For...
Appweb web server DoS
NULL pointer dereference on Range: header parsing...