PT-2023-8901 · Rack+6
Published 2023-01-18 · Updated 2026-03-13
CVE-2022-44570
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Rack versions 1.5.0 through 2.0.9.1
Rack versions 2.1.0 through 2.1.4.1
Rack versions 2.2.0 through 2.2.6.1
Rack versions 3.0.0 through 3.0.0.0
Description
A denial of service vulnerability in the Range header parsing component of Rack can cause the component to take an unexpectedly long time when processing carefully crafted input, providing a denial of service attack vector. Any application that handles Range requests, such as a streaming application or one that serves files, may be affected.
Recommendations
For Rack versions 1.5.0 through 2.0.9.1, update to version 2.0.9.2.
For Rack versions 2.1.0 through 2.1.4.1, update to version 2.1.4.2.
For Rack versions 2.2.0 through 2.2.6.1, update to version 2.2.6.2.
For Rack versions 3.0.0 through 3.0.0.0, update to version 3.0.0.1.
As a temporary workaround, consider restricting access to the Range header parsing component until a patch is available.
Apply the provided patches for the respective release series if an immediate upgrade is not possible.
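The workaround above speaks of restricting access to the Range header parser. One way to do that in a Rack application that cannot upgrade yet is a guard middleware that rejects oversized or oddly shaped Range headers with a cheap, linear-time check before Rack's own parser ever sees them. This is an added example, not code from Rack or from the advisory; the class name, the length and count limits, and the 416 response are assumptions.

```ruby
# Added example: a stop-gap Rack middleware that drops oversized or malformed
# Range headers before they reach Rack's Range parser. The real fix is the
# patched release; names and limits here are hypothetical (assumptions).

class RangeHeaderGuard
  MAX_HEADER_LENGTH = 128   # assumed limit; real clients send short headers
  MAX_RANGES        = 8     # assumed cap on comma-separated byte ranges
  # A range spec is "start-end", "start-" or "-suffix". The pattern is
  # anchored and has no nested quantifiers, so matching stays linear.
  RANGE_SPEC = /\A(?:\d+-\d*|-\d+)\z/

  def initialize(app)
    @app = app
  end

  # True when the header is absent or has a simple, bounded shape.
  def self.acceptable?(value)
    return true if value.nil? || value.empty?
    return false if value.bytesize > MAX_HEADER_LENGTH
    unit, spec = value.split("=", 2)
    return false unless unit == "bytes" && spec
    # Split into at most MAX_RANGES + 1 pieces so an overlong list fails fast.
    parts = spec.split(",", MAX_RANGES + 1)
    return false if parts.size > MAX_RANGES
    parts.all? { |part| RANGE_SPEC.match?(part.strip) }
  end

  def call(env)
    unless self.class.acceptable?(env["HTTP_RANGE"])
      # Reject cheaply instead of letting the parser spend time on it.
      # Deleting env["HTTP_RANGE"] and serving the full body is an alternative.
      return [416, { "content-type" => "text/plain" }, ["Range Not Satisfiable"]]
    end
    @app.call(env)
  end
end
```

Mount it ahead of any file-serving or streaming middleware (for example with `use RangeHeaderGuard` in config.ru) so the check runs before the Range header is parsed.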
Tags: Exploit · Fix · DoS · Resource Exhaustion
Related identifiers
Affected products
Astra Linux
Linuxmint
Rack
Red Os
Rocky Linux
Suse
Ubuntu