CVE-2022-44570

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125 Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20231208-0010/
https://www.debian.org/security/2023/dsa-5530
https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125 Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20231208-0010/
https://www.debian.org/security/2023/dsa-5530
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*
cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*
cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*
cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*
History

21 Nov 2024, 07:28

Type Values Removed Values Added
References () https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125 - Patch, Vendor Advisory () https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125 - Patch, Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20231208-0010/ - () https://security.netapp.com/advisory/ntap-20231208-0010/ -
References () https://www.debian.org/security/2023/dsa-5530 - () https://www.debian.org/security/2023/dsa-5530 -

22 Oct 2023, 19:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5530 -

23 Jun 2023, 18:30

Type Values Removed Values Added
CWE CWE-400 CWE-1333
Information

Published : 2023-02-09 20:15

Updated : 2024-11-21 07:28

NVD link : CVE-2022-44570

Mitre link : CVE-2022-44570

CVE.ORG link : CVE-2022-44570

JSON object : View

Products Affected

rack_project

  • rack
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-1333

Inefficient Regular Expression Complexity


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024