A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-3298-1 | ruby-rack security update |
![]() |
DSA-5530-1 | ruby-rack security update |
![]() |
EUVD-2023-0353 | Denial of service via header parsing in Rack |
![]() |
GHSA-65f5-mfpf-vfhj | Denial of service via header parsing in Rack |
![]() |
USN-5910-1 | Rack vulnerabilities |
![]() |
USN-7036-1 | Rack vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 13 Feb 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rack
Rack rack |
|
CPEs | cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:* | |
Vendors & Products |
Rack Project
Rack Project rack |
Rack
Rack rack |

Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2024-08-03T13:54:03.858Z
Reserved: 2022-11-01T00:00:00
Link: CVE-2022-44570

No data.

Status : Modified
Published: 2023-02-09T20:15:11.090
Modified: 2025-02-13T15:37:40.953
Link: CVE-2022-44570


No data.