Mageia 9: Advisory 2024-0123 Moderate: Ruby-Rack Denial Of Service Issues

April 12, 2024
Updated ruby-rack packages fix three security flaws, all of them denial of service issues, described in the summary below.

Summary

Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS, 2nd degree polynomial). (CVE-2024-25126)

Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). (CVE-2024-26141)

Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. (CVE-2024-26146)

References

- https://bugs.mageia.org/show_bug.cgi?id=33075

- https://www.cve.org/CVERecord?id=CVE-2024-25126

- https://www.cve.org/CVERecord?id=CVE-2024-26141

- https://www.cve.org/CVERecord?id=CVE-2024-26146

Resolution

SRPMS

- 9/core/ruby-rack-2.2.8.1-1.mga9

Publication date: 12 Apr 2024
URL: https://advisories.mageia.org/MGASA-2024-0123.html
Type: security
CVE: CVE-2024-25126, CVE-2024-26141, CVE-2024-26146
