CVE-2024-26141
DoS vulnerability in rack (RubyGems)

DoS Vulnerability: No known exploit

What is CVE-2024-26141 About?

This is a denial of service vulnerability in Rack related to the Range request header. Carefully crafted Range headers can cause a server to generate an unexpectedly large response, leading to resource exhaustion. Exploiting this vulnerability would likely be of moderate difficulty, requiring knowledge of HTTP header manipulation and server behavior.

Affected Software

  • rack
    • >=1.3.0, <2.2.8.1
    • >=3.0.0, <3.0.9.1

Technical Details

The vulnerability resides in how Rack processes the HTTP Range request header, specifically within the Rack::File middleware and the Rack::Utils.byte_ranges method. An attacker can send a specially crafted Range header that, when parsed by Rack, instructs the server to prepare a response that is disproportionately large compared to the requested range. This can consume excessive memory, CPU, or network bandwidth on the server, potentially causing it to become unresponsive or crash due to resource exhaustion, thereby leading to a denial of service.
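As an added defensive example (not code from this advisory or from the rack project), a stopgap Rack middleware that drops Range headers carrying more byte ranges than a configured cap, so that oversized multi-range requests never reach Rack::File or Rack::Utils.byte_ranges; the cap value and the assumption that response cost grows with the number of ranges are mine, and upgrading rack remains the actual fix:

```ruby
# Added stopgap example, not code from the rack project or from this advisory.
# Assumption (labelled): the cost of a multi-range response grows with the
# number of ranges in the header, and DEFAULT_MAX_RANGES is a constructed value.
class RangeHeaderGuard
  DEFAULT_MAX_RANGES = 8 # hypothetical cap; tune for the application

  def initialize(app, max_ranges: DEFAULT_MAX_RANGES)
    @app = app
    @max_ranges = max_ranges
  end

  # Number of range specs in a Range header value such as "bytes=0-99,200-299".
  # Returns 0 when the header is absent or is not a bytes range.
  def self.range_count(header)
    return 0 if header.nil?
    spec = header.strip
    return 0 unless spec.downcase.start_with?("bytes=")
    spec[6..-1].split(",").count { |r| !r.strip.empty? }
  end

  # RFC 9110 allows a server to ignore Range entirely, so above the cap the
  # header is removed and the whole representation is served: the response is
  # then bounded by the file size rather than by what the header asked for.
  def call(env)
    if self.class.range_count(env["HTTP_RANGE"]) > @max_ranges
      env = env.dup
      env.delete("HTTP_RANGE")
    end
    @app.call(env)
  end
end

# Constructed demo: a stub app that reports whether it still saw a Range header.
if $PROGRAM_NAME == __FILE__
  stub = ->(env) { [200, { "content-type" => "text/plain" }, [env.key?("HTTP_RANGE") ? "ranged" : "whole"]] }
  guard = RangeHeaderGuard.new(stub, max_ranges: 2)
  puts guard.call({ "HTTP_RANGE" => "bytes=0-9,20-29" })[2].first   # ranged
  puts guard.call({ "HTTP_RANGE" => "bytes=0-1,2-3,4-5" })[2].first # whole
end
```

Insert it with `use RangeHeaderGuard, max_ranges: 8` ahead of the static-file middleware in config.ru; it is a mitigation to narrow exposure until the upgrade lands, not a replacement for it.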

What is the Impact of CVE-2024-26141?

Successful exploitation may allow attackers to disrupt application availability, degrade system performance, or cause the application to become unresponsive by consuming excessive resources.

What is the Exploitability of CVE-2024-26141?

Exploiting this vulnerability requires sending a specially crafted HTTP Range header. The complexity is moderate, as it involves understanding HTTP header parsing and how Rack processes byte ranges. There are no specific authentication or privilege requirements to trigger this issue, as it occurs during the initial request parsing phase. The attack is remote, targeting the application accessible via HTTP. A key risk factor is the widespread use of Rack::File middleware or Rack::Utils.byte_ranges in many Ruby applications, including Rails, which creates a large attack surface.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2024-26141?

Available Upgrade Options

  • rack
    • >=1.3.0, <2.2.8.1 → Upgrade to 2.2.8.1
    • >=3.0.0, <3.0.9.1 → Upgrade to 3.0.9.1


Additional Resources

What are Similar Vulnerabilities to CVE-2024-26141?

Similar Vulnerabilities: CVE-2024-26146, CVE-2022-44572, CVE-2022-2988, CVE-2021-38102, CVE-2023-39325