CVE-2022-44570
Denial of Service vulnerability in rack (RubyGems)

Type: Denial of Service. Known public exploit: none.

What is CVE-2022-44570 About?

This is a denial of service vulnerability in the Range header parsing component of Rack. Carefully crafted input can cause the parser to consume excessive time, potentially rendering the service unavailable. Exploitation is relatively straightforward for an attacker who can send malformed HTTP requests.

Affected Software

  • rack
    • >=1.5.0, <2.0.9.2
    • >=2.1.0.0, <2.1.4.2
    • >=2.2.0.0, <2.2.6.2
    • >=3.0.0.0, <3.0.4.1

Technical Details

The vulnerability lies in the Rack::Utils.get_byte_ranges method, which parses the Range HTTP header. When an attacker sends a specially crafted Range header, the regular expression or parsing logic used by Rack enters a state of catastrophic backtracking or otherwise inefficient processing. Parsing the malformed header then consumes excessive CPU time, and the application struggles to respond to legitimate requests, resulting in a denial of service.
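The following is an added example, not code from Rack or from this advisory: a small Rack-compatible middleware that drops oversized or oddly shaped Range headers before a request reaches application code that calls Rack::Utils.get_byte_ranges. It is a compensating control for deployments that cannot upgrade immediately; upgrading Rack remains the actual fix. The 256-byte limit, the `rack.range_header_dropped` env key and the demo app are assumptions made for this example.

```ruby
# Added example (not Rack's own code): guard middleware that keeps
# suspicious Range headers away from the vulnerable parser.
class RangeHeaderGuard
  MAX_RANGE_HEADER_BYTES = 256   # assumed limit; genuine byte ranges are short

  # A single character class repeated: matching is linear in the input
  # length, so this check itself cannot be driven into heavy backtracking.
  RANGE_SHAPE = /\Abytes=[0-9,\s-]+\z/

  # True when the header is short and has the expected "bytes=..." shape.
  def self.acceptable?(header)
    header.bytesize <= MAX_RANGE_HEADER_BYTES && RANGE_SHAPE.match?(header)
  end

  def initialize(app)
    @app = app
  end

  # Rack interface: env hash in, [status, headers, body] triple out.
  def call(env)
    header = env["HTTP_RANGE"]
    if header && !self.class.acceptable?(header)
      # RFC 7233 allows a server to ignore Range; removing the header means
      # the request is served as a full response and the parser never sees it.
      env.delete("HTTP_RANGE")
      env["rack.range_header_dropped"] = true   # hypothetical key for logging/metrics
    end
    @app.call(env)
  end
end

# Constructed demonstration app: reports whether a Range header reached it.
DEMO_APP = lambda do |env|
  seen = env.key?("HTTP_RANGE") ? "range present" : "range absent"
  [200, { "content-type" => "text/plain" }, [seen]]
end

# Builds a minimal env (constructed, not a real request) and runs it through
# the guarded app; returns the Rack response triple.
def demo_request(range_header)
  env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => "/video.mp4" }
  env["HTTP_RANGE"] = range_header if range_header
  RangeHeaderGuard.new(DEMO_APP).call(env)
end

if __FILE__ == $PROGRAM_NAME
  puts demo_request("bytes=0-499")[2].first            # range present
  puts demo_request("bytes=" + "0-1," * 200)[2].first  # range absent (too long)
end
```

In a Rails or Rack application the guard is mounted with `use RangeHeaderGuard` in `config.ru` (or via the middleware stack configuration), ahead of any middleware or controller that serves partial content. Dropping the header rather than rejecting the request keeps well-behaved clients working: they simply receive the full resource.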

What is the Impact of CVE-2022-44570?

Successful exploitation may allow attackers to cause the application to become unresponsive or crash, leading to a denial of service for legitimate users and hindering business operations.

What is the Exploitability of CVE-2022-44570?

Exploitation is low in complexity: it only requires the ability to send HTTP requests containing a specially crafted Range header. No authentication or specific privileges are required, so this is a remote, unauthenticated attack. The primary risk factor is public exposure of the application's Rack-based HTTP endpoint, especially where it serves content that commonly uses Range requests, such as streaming or file-serving applications. Sending the malicious header is sufficient to trigger the vulnerability.

What are the Known Public Exploits?

No known public exploits are listed for this CVE (PoC, author, link and commentary table is empty).

What are the Available Fixes for CVE-2022-44570?

Available Upgrade Options

  • rack
    • >=1.5.0, <2.0.9.2 → Upgrade to 2.0.9.2
    • >=2.1.0.0, <2.1.4.2 → Upgrade to 2.1.4.2
    • >=2.2.0.0, <2.2.6.2 → Upgrade to 2.2.6.2
    • >=3.0.0.0, <3.0.4.1 → Upgrade to 3.0.4.1


Additional Resources

What are Similar Vulnerabilities to CVE-2022-44570?

Similar Vulnerabilities: CVE-2023-22792, CVE-2021-38171, CVE-2020-8197, CVE-2018-3741, CVE-2016-6316