A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3298-1 ruby-rack security update
Debian DSA Debian DSA DSA-5530-1 ruby-rack security update
EUVD EUVD EUVD-2023-0353 Denial of service via header parsing in Rack
Github GHSA Github GHSA GHSA-65f5-mfpf-vfhj Denial of service via header parsing in Rack
Ubuntu USN Ubuntu USN USN-5910-1 Rack vulnerabilities
Ubuntu USN Ubuntu USN USN-7036-1 Rack vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 13 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Rack
Rack rack
CPEs cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:* cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*
Vendors & Products Rack Project
Rack Project rack
Rack
Rack rack

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-08-03T13:54:03.858Z

Reserved: 2022-11-01T00:00:00

Link: CVE-2022-44570

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-09T20:15:11.090

Modified: 2025-02-13T15:37:40.953

Link: CVE-2022-44570

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-01-20T00:00:00Z

Links: CVE-2022-44570 - Bugzilla

cve-icon OpenCVE Enrichment

No data.