CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (Percentile: 32.6%)

A denial of service vulnerability is present in ActiveRecord's PostgreSQL
adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64-bit
signed integer is provided to the PostgreSQL connection adapter, it will
treat the target column type as numeric. Comparing integer values against
numeric values can result in a slow sequential scan, resulting in a potential
Denial of Service.

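An added example, not taken from the advisory or the Rails code base: a guard that rejects untrusted values that do not fit a signed 64-bit integer before they are used in an ActiveRecord condition, so the adapter never receives the out-of-range value described above. The helper names `bigint_param` and `safe_bigint?` and the sample inputs are assumptions constructed for illustration.

```ruby
# Added example (not Rails code). Helper names are hypothetical.
INT64_MIN = -(2**63)
INT64_MAX = 2**63 - 1
# "-9223372036854775808" is the longest valid form (20 characters); the cap
# rejects huge digit strings before any conversion work is done.
MAX_INT64_CHARS = 20

class OutOfBigintRange < ArgumentError; end

# Returns an Integer inside the signed 64-bit range or raises.
# Only Integer and plain decimal String input is accepted; Float, nil,
# Array and Hash values are refused rather than coerced.
def bigint_param(raw)
  value =
    case raw
    when Integer then raw
    when String
      s = raw.strip
      unless s.length <= MAX_INT64_CHARS && s.match?(/\A[+-]?[0-9]+\z/)
        raise OutOfBigintRange, "not a plain decimal integer"
      end
      Integer(s, 10)
    else
      raise OutOfBigintRange, "unsupported type #{raw.class}"
    end
  unless value.between?(INT64_MIN, INT64_MAX)
    raise OutOfBigintRange, "outside signed 64-bit range"
  end
  value
end

# Predicate form for validations. Rescuing ArgumentError (the parent class)
# means any other malformed input also counts as rejected.
def safe_bigint?(raw)
  bigint_param(raw)
  true
rescue ArgumentError
  false
end

# Constructed sample inputs, as they might arrive in request parameters.
SAMPLES = ["42", " -7 ", "9223372036854775807", "9223372036854775808",
           "1e30", "9" * 40, 2**64, 1.5, nil].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |raw| puts format("%-24s %s", raw.inspect[0, 24], safe_bigint?(raw)) }
end
```

In a controller the guard wraps the parameter before the query, for example `Record.find_by(id: bigint_param(params[:id]))`, where `Record` is a hypothetical model name.
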
Author | Note |
---|---|
seth-arnold | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward |
discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
github.com/rails/rails/commit/414eb337d142a9c61d7723ceb9b7c1ab30dff3ed (6-1-stable)
launchpad.net/bugs/cve/CVE-2022-44566
nvd.nist.gov/vuln/detail/CVE-2022-44566
security-tracker.debian.org/tracker/CVE-2022-44566
www.cve.org/CVERecord?id=CVE-2022-44566