CVE-2022-44570

Summary

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rack/rack2.0.9.2, 2.1.4.2, 2.2.4.2, 3.0.0.1affected

Weaknesses

  • CWE-400: Denial of Service (CWE-400)

ADP Enrichment

CVE Program Container

Additional References

References