DEBIAN-CVE-2022-44572

DEBIAN-CVE-2022-44572 PUBLISHED CVSS 7.5 HIGH

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	ruby-rack	0, 0, 0
Debian:12	ruby-rack	0, 0, 0
Debian:11	ruby-rack	0, 2.1.4-3, 0
Debian:14	ruby-rack	0, 0, 0

Exploit Intelligence

.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)

Timeline

Feb 9, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-44572 advisory

Open in Interactive Console →