UBUNTU-CVE-2022-44572

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2022-44572

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-44572.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-44572

Related

Published

2023-02-09T20:15:00Z

Modified

2023-02-09T20:15:00Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

References

Affected packages

Ubuntu:20.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.6-3

2.0.7-2

2.0.7-2ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@2.0.7-2ubuntu0.1+esm3?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.7-2ubuntu0.1+esm3

Affected versions

2.*

2.0.6-3

2.0.7-2

2.0.7-2ubuntu0.1

2.0.7-2ubuntu0.1+esm1

2.0.7-2ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "2.0.7-2ubuntu0.1+esm3"
        }
    ]
}

Ubuntu:22.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.4-3

2.1.4-4

2.1.4-5

2.1.4-5ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@2.1.4-5ubuntu1+esm3?arch=src?distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.4-5ubuntu1+esm3

Affected versions

2.*

2.1.4-3

2.1.4-4

2.1.4-5

2.1.4-5ubuntu1

2.1.4-5ubuntu1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "2.1.4-5ubuntu1+esm3"
        }
    ]
}

Ubuntu:24.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@2.2.4-3?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.4-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "2.2.4-3"
        }
    ]
}