CVE-2022-44571
Denial of Service vulnerability in rack (RubyGems)


What is CVE-2022-44571 About?

This vulnerability within Rack's `Content-Disposition` header parsing component can lead to a Denial of Service (DoS) due to excessive processing time for carefully crafted input. Attackers can leverage this to make applications unresponsive, affecting virtually all Rails applications that parse multipart posts. Exploitation is relatively easy, requiring only a malicious HTTP request.

Affected Software

  • rack
    • >=2.0.0, <2.0.9.2
    • >=2.1.0, <2.1.4.2
    • >=2.2.0, <2.2.6.1
    • >=3.0.0.0, <3.0.4.1

Technical Details

The Denial of Service vulnerability in Rack's Content-Disposition header parsing (versions >= 2.0.0 and < 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1) is a Regular Expression Denial of Service (ReDoS) weakness. Carefully crafted input in the Content-Disposition header, which appears in every part of a multipart HTTP request, causes the regular expression used to parse the header to backtrack for a disproportionately long time. A single request can therefore consume a server process's CPU for an extended period, and a handful of such requests can tie up all available processes and leave the application unresponsive to legitimate traffic. Since the header is read whenever a multipart body is parsed, most Rails applications, which rely on Rack for handling HTTP requests, are affected.
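The defensive alternative to a backtracking regular expression is a scanner that visits each character of the header once, so processing time grows with the header's length and not with its shape. The following is an added example written for this page, not Rack's own parser or its fix; `MAX_HEADER_LENGTH`, `ContentDispositionError` and `parse_content_disposition` are names chosen here, and the length cap is an assumed policy value.

```ruby
# Added example (not Rack's code): a linear-time parser for a
# Content-Disposition header value. Every character is visited once,
# so a hostile input cannot make parsing take longer than its length
# would suggest. Names and the length cap are assumptions for this page.

MAX_HEADER_LENGTH = 8 * 1024 # assumed cap; reject before any parsing work

class ContentDispositionError < StandardError; end

# Returns [disposition_type, params] for a value such as
#   form-data; name="upload"; filename="report.pdf"
# Quoted values may contain backslash-escaped characters (including
# '"' and ';'); unquoted values run until the next ';'.
def parse_content_disposition(value)
  if value.bytesize > MAX_HEADER_LENGTH
    raise ContentDispositionError, "header too long"
  end

  segments = []     # raw "key=value" or bare-token segments split on ';'
  buf = +""
  in_quotes = false
  i = 0
  while i < value.length
    ch = value[i]
    if in_quotes
      if ch == "\\" && i + 1 < value.length
        buf << value[i + 1]   # keep the escaped character literally
        i += 2
        next
      end
      in_quotes = false if ch == '"'
      buf << ch
    elsif ch == '"'
      in_quotes = true
      buf << ch
    elsif ch == ";"
      segments << buf
      buf = +""
    else
      buf << ch
    end
    i += 1
  end
  raise ContentDispositionError, "unterminated quoted string" if in_quotes
  segments << buf

  type = segments.shift.to_s.strip.downcase
  raise ContentDispositionError, "missing disposition type" if type.empty?

  params = {}
  segments.each do |segment|
    segment = segment.strip
    next if segment.empty?
    key, sep, raw = segment.partition("=")
    raise ContentDispositionError, "parameter without value: #{segment}" if sep.empty?
    key = key.strip.downcase
    raw = raw.strip
    quoted = raw.length >= 2 && raw.start_with?('"') && raw.end_with?('"')
    params[key] = quoted ? raw[1..-2] : raw
  end
  [type, params]
end

if __FILE__ == $PROGRAM_NAME
  p parse_content_disposition('form-data; name="upload"; filename="report.pdf"')
end
```

The length check runs before the loop so that an oversized header is rejected at constant cost; the scanner itself never re-reads a character, which is the property a regular-expression engine with backtracking cannot guarantee for arbitrary input.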

What is the Impact of CVE-2022-44571?

Successful exploitation may allow attackers to render the affected application or server unresponsive, leading to a Denial of Service for legitimate users.

What is the Exploitability of CVE-2022-44571?

Exploitation involves sending an HTTP request with a specially crafted Content-Disposition header. The complexity is low, as it primarily requires knowledge of how to construct a ReDoS payload for the specific regular expression used. No prior authentication is needed if the target endpoint processes form data. This is a remote exploit, achieved through standard HTTP communication. The high prevalence of Rack in Ruby-on-Rails applications and the broad impact on multipart parsing increase the likelihood of successful exploitation against vulnerable systems.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2022-44571?

Available Upgrade Options

  • rack
    • >=2.0.0, <2.0.9.2 → Upgrade to 2.0.9.2
    • >=2.1.0, <2.1.4.2 → Upgrade to 2.1.4.2
    • >=2.2.0, <2.2.6.1 → Upgrade to 2.2.6.1
    • >=3.0.0.0, <3.0.4.1 → Upgrade to 3.0.4.1
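To turn the ranges above into a repeatable check, the affected ranges can be encoded as `Gem::Requirement` objects and compared against the rack version pinned in a `Gemfile.lock`. This is an added example for this page, not tooling from Rack or Resolved Security; the function names and the sample lockfile are constructed here.

```ruby
require "rubygems"

# Affected ranges as listed on this page; the key is the upgrade target
# for that range. Constructed for this example, not Rack's own data.
AFFECTED_RANGES = {
  "2.0.9.2" => Gem::Requirement.new(">= 2.0.0", "< 2.0.9.2"),
  "2.1.4.2" => Gem::Requirement.new(">= 2.1.0", "< 2.1.4.2"),
  "2.2.6.1" => Gem::Requirement.new(">= 2.2.0", "< 2.2.6.1"),
  "3.0.4.1" => Gem::Requirement.new(">= 3.0.0.0", "< 3.0.4.1"),
}.freeze

# Returns the recommended upgrade target for an installed rack version,
# or nil when the version falls outside every affected range.
def rack_upgrade_target(version_string)
  version = Gem::Version.new(version_string)
  AFFECTED_RANGES.each do |fixed, requirement|
    return fixed if requirement.satisfied_by?(version)
  end
  nil
end

# Extracts the rack version from Gemfile.lock text. In the lockfile
# format, resolved gems sit under "specs:" indented four spaces, while
# their dependencies are indented six, so the four-space anchor picks
# the resolved rack entry and not a "rack (>= 1.0)" dependency line.
def rack_version_from_lockfile(lock_text)
  match = lock_text.match(/^ {4}rack \(([\w.]+)\)$/)
  match && match[1]
end

# Convenience wrapper: lockfile text in, upgrade target (or nil) out.
def rack_upgrade_target_for_lockfile(lock_text)
  version = rack_version_from_lockfile(lock_text)
  version && rack_upgrade_target(version)
end

# Constructed sample lockfile excerpt for demonstration.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.6)
      rack-test (2.0.2)
        rack (>= 1.3)
LOCK

if __FILE__ == $PROGRAM_NAME
  target = rack_upgrade_target_for_lockfile(SAMPLE_LOCKFILE)
  puts target ? "rack is in an affected range; upgrade to #{target}" : "rack is not in an affected range"
end
```

In a real project, read `Gemfile.lock` from disk and pass its contents to `rack_upgrade_target_for_lockfile`; a non-nil result names the minimum version to move to for the series already in use.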


Additional Resources

What are Similar Vulnerabilities to CVE-2022-44571?

Similar Vulnerabilities: CVE-2022-30122, CVE-2021-4122, CVE-2020-8159, CVE-2019-15891, CVE-2019-13017