PT-2024-1926 · Rack+9


Published: 2024-02-21 · Updated: 2026-03-13 · CVE-2024-26141

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Rack versions 1.3.0 through 3.0.9 and 2.2.8.1.

Description: Rack is a modular Ruby web server interface. A denial of service (DoS) vulnerability exists due to improper handling of Range headers. Carefully crafted Range headers can cause the server to respond with an unexpectedly large response, potentially leading to a denial of service. Applications using the Rack::File middleware or the Rack::Utils.byte_ranges method, including Rails applications, are vulnerable.

Recommendations: Upgrade to Rack version 3.0.9.1 or 2.2.8.1 to address this vulnerability.

Tags: Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2024:2113
ALSA-2024:2953
ALSA-2024_2113
BDU:2024-01714
CESA-2024_2953
CVE-2024-26141
DLA-3800-1
DSA-5698-1
GHSA-XJ5V-6V4G-JFW6
INFSA-2024_2113
INFSA-2024_2953
MGASA-2024-0123
OESA-2024-1820
OESA-2024-1821
OESA-2024-1822
OESA-2024-1823
OPENSUSE-SU-2024:13726-1
OPENSUSE-SU-2024:13727-1
OPENSUSE-SU-2024_0765-1
OPENSUSE-SU-2025:14811-1
OPENSUSE-SU-2025:14875-1
OPENSUSE-SU-2026:10286-1
OPENSUSE-SU-2026:10358-1
RHSA-2024:10806
RHSA-2024:1841
RHSA-2024:1846
RHSA-2024:2007
RHSA-2024:2113
RHSA-2024:2581
RHSA-2024:2584
RHSA-2024:2953
RHSA-2024:3431
RHSA-2024_2113
RHSA-2024_2953
RLSA-2024:2953
SUSE-SU-2024:0765-1
SUSE-SU-2024:0946-1
SUSE-SU-2024:1131-1
USN-6689-1
USN-6837-1
USN-6837-2
USN-7036-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Mint
Rack
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu