CVE-2022-44572 — Vulnetix

CVE-2022-44572 PUBLISHED CVSS 7.5 HIGH

Inefficient Regular Expression Complexity

EPSS 0.26% · 49.1th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.26%

49.1th percentile

Affected Products

Vendor	Product	Versions
n/a	https://github.com/rack/rack	2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1, *, 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1
RubyGems	rack	0, 2.1.0, 2.2.0

Exploit Intelligence

[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing (hackerone)
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing (hackerone)
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing (hackerone)
https://hackerone.com/reports/1639882 (cve.org)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)

…and 12 more exploits

Timeline

CVE Published
Feb 10, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 22, 2023 EPSS Score
May 1, 2023 EPSS Score
Jun 9, 2023 EPSS Score
Jul 27, 2023 PoC Published
Aug 28, 2023 EPSS Score
Oct 7, 2023 EPSS Score
Nov 16, 2023 EPSS Score
Dec 26, 2023 EPSS Score
Feb 3, 2024 EPSS Score

References

https://hackerone.com/reports/1639882 url
DSA-5530 vendor-advisory
https://security.netapp.com/advisory/ntap-20231208-0014/ url
https://nvd.nist.gov/vuln/detail/CVE-2022-44572 advisory
https://github.com/rack/rack/releases/tag/v3.0.4.1 url
https://github.com/advisories/GHSA-rqv2-275x-2jq5 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›