USN-5910-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-5910-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5910-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-5910-1
Upstream
Related
Published
2023-03-02T17:43:56Z
Modified
2026-05-20T16:06:06.472566422Z
Summary
ruby-rack vulnerabilities
Details

It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which could result in uncontrolled resource consumption if an application using Rack received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-44570, CVE-2022-44571)

It was discovered that Rack did not properly structure regular expressions in its multipart parsing component, which could result in uncontrolled resource consumption if an application using Rack to parse multipart posts received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-44572)

References

Affected packages

Ubuntu:Pro:14.04:LTS / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/ubuntu/ruby-rack?arch=source&distro=trusty%2Fesm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.2-3+deb8u3ubuntu1~esm6

Affected versions

1.*
1.5.2-1
1.5.2-1ubuntu0.1~esm1
1.5.2-3+deb8u3ubuntu1~esm2
1.5.2-3+deb8u3ubuntu1~esm3
1.5.2-3+deb8u3ubuntu1~esm4

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1.5.2-3+deb8u3ubuntu1~esm6",
            "binary_name": "librack-ruby"
        },
        {
            "binary_name": "librack-ruby1.8",
            "binary_version": "1.5.2-3+deb8u3ubuntu1~esm6"
        },
        {
            "binary_name": "librack-ruby1.9.1",
            "binary_version": "1.5.2-3+deb8u3ubuntu1~esm6"
        },
        {
            "binary_name": "ruby-rack",
            "binary_version": "1.5.2-3+deb8u3ubuntu1~esm6"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5910-1.json"
cves_map 
{
    "ecosystem": "Ubuntu:Pro:14.04:LTS",
    "cves": [
        {
            "id": "CVE-2022-44570",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-44571",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:Pro:16.04:LTS / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/ubuntu/ruby-rack?arch=source&distro=esm-infra-legacy%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.4-3ubuntu0.2+esm4

Affected versions

1.*
1.5.2-4
1.6.4-2
1.6.4-3
1.6.4-3ubuntu0.1
1.6.4-3ubuntu0.2
1.6.4-3ubuntu0.2+esm1
1.6.4-3ubuntu0.2+esm2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "ruby-rack",
            "binary_version": "1.6.4-3ubuntu0.2+esm4"
        }
    ],
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5910-1.json"
cves_map 
{
    "ecosystem": "Ubuntu:Pro:16.04:LTS",
    "cves": []
}

Ubuntu:Pro:18.04:LTS / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/ubuntu/ruby-rack?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.4-4ubuntu0.2+esm4

Affected versions

1.*
1.6.4-4
1.6.4-4ubuntu0.1
1.6.4-4ubuntu0.2
1.6.4-4ubuntu0.2+esm1
1.6.4-4ubuntu0.2+esm2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "ruby-rack",
            "binary_version": "1.6.4-4ubuntu0.2+esm4"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5910-1.json"
cves_map 
{
    "ecosystem": "Ubuntu:Pro:18.04:LTS",
    "cves": [
        {
            "id": "CVE-2022-44570",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-44571",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:Pro:20.04:LTS / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/ubuntu/ruby-rack?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.7-2ubuntu0.1+esm3

Affected versions

2.*
2.0.6-3
2.0.7-2
2.0.7-2ubuntu0.1
2.0.7-2ubuntu0.1+esm1
2.0.7-2ubuntu0.1+esm2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "ruby-rack",
            "binary_version": "2.0.7-2ubuntu0.1+esm3"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5910-1.json"
cves_map 
{
    "ecosystem": "Ubuntu:Pro:20.04:LTS",
    "cves": [
        {
            "id": "CVE-2022-44570",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-44571",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-44572",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:Pro:22.04:LTS / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/ubuntu/ruby-rack?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.4-5ubuntu1+esm3

Affected versions

2.*
2.1.4-3
2.1.4-4
2.1.4-5
2.1.4-5ubuntu1
2.1.4-5ubuntu1+esm2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "ruby-rack",
            "binary_version": "2.1.4-5ubuntu1+esm3"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5910-1.json"
cves_map 
{
    "ecosystem": "Ubuntu:Pro:22.04:LTS",
    "cves": [
        {
            "id": "CVE-2022-44570",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-44571",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-44572",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}