Vulnerability-Lookup

Vulnerability from cleanstart

Published

2026-04-09 01:01

Modified

2026-04-08 08:04

Summary

Ruby JSON is a JSON implementation for Ruby

Details

Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2024-45993	WEB
	https://osv.dev/vulnerability/CVE-2025-31344	WEB
	https://osv.dev/vulnerability/CVE-2025-48924	WEB
	https://osv.dev/vulnerability/CVE-2025-61726	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61770	WEB
	https://osv.dev/vulnerability/CVE-2025-61771	WEB
	https://osv.dev/vulnerability/CVE-2025-61772	WEB
	https://osv.dev/vulnerability/CVE-2025-61919	WEB
	https://osv.dev/vulnerability/CVE-2025-67130	WEB
	https://osv.dev/vulnerability/CVE-2025-68121	WEB
	https://osv.dev/vulnerability/CVE-2025-68161	WEB
	https://osv.dev/vulnerability/CVE-2026-25500	WEB
	https://osv.dev/vulnerability/CVE-2026-33210	WEB
	https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2	WEB
	https://osv.dev/vulnerability/ghsa-2xgq-q749-89fq	WEB
	https://osv.dev/vulnerability/ghsa-3m6g-2423-7cp3	WEB
	https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6	WEB
	https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm	WEB
	https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx	WEB
	https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5	WEB
	https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv	WEB
	https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v	WEB
	https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r	WEB
	https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf	WEB
	https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q	WEB
	https://osv.dev/vulnerability/ghsa-mxw3-3hh2-x2mh	WEB
	https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp	WEB
	https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj	WEB
	https://osv.dev/vulnerability/ghsa-vqg5-3255-v292	WEB
	https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw	WEB
	https://osv.dev/vulnerability/ghsa-whrj-4476-wvmp	WEB
	https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-45993	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-31344	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48924	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61770	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61771	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61772	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61919	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-67130	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68121	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68161	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25500	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33210	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "logstash-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.2.6-r2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-GE08280",
  "modified": "2026-04-08T08:04:46Z",
  "published": "2026-04-09T01:01:38.909372Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GE08280.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-45993"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-31344"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61770"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61771"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61772"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61919"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-67130"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68161"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25500"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33210"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2xgq-q749-89fq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3m6g-2423-7cp3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mxw3-3hh2-x2mh"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-whrj-4476-wvmp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45993"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31344"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67130"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33210"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ruby JSON is a JSON implementation for Ruby",
  "upstream": [
    "CVE-2024-45993",
    "CVE-2025-31344",
    "CVE-2025-48924",
    "CVE-2025-61726",
    "CVE-2025-61728",
    "CVE-2025-61770",
    "CVE-2025-61771",
    "CVE-2025-61772",
    "CVE-2025-61919",
    "CVE-2025-67130",
    "CVE-2025-68121",
    "CVE-2025-68161",
    "CVE-2026-25500",
    "CVE-2026-33210",
    "ghsa-22h5-pq3x-2gf2",
    "ghsa-2xgq-q749-89fq",
    "ghsa-3m6g-2423-7cp3",
    "ghsa-4cx2-fc23-5wg6",
    "ghsa-6xw4-3v39-52mm",
    "ghsa-72qj-48g4-5xgx",
    "ghsa-c2f4-jgmc-q2r5",
    "ghsa-gh9q-2xrm-x6qv",
    "ghsa-j288-q9x7-2f5v",
    "ghsa-j4pr-3wm6-xx2r",
    "ghsa-mhwm-jh88-3gjf",
    "ghsa-mr3q-g2mv-mr4q",
    "ghsa-mxw3-3hh2-x2mh",
    "ghsa-p543-xpfm-54cp",
    "ghsa-vc5p-v9hr-52mj",
    "ghsa-vqg5-3255-v292",
    "ghsa-w9pc-fmgc-vxvw",
    "ghsa-whrj-4476-wvmp",
    "ghsa-wpv5-97wm-hp9c"
  ]
}

CVE-2024-45993 (GCVE-0-2024-45993)

Vulnerability from cvelistv5 – Published: 2024-09-30 00:00 – Updated: 2024-09-30 18:41

Summary

Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

Assigner

mitre

References

2 references

URL	Tags
http://giflib.com
https://gitlab.com/mthandazo/project-pov

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:giflib_project:giflib:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "giflib",
            "vendor": "giflib_project",
            "versions": [
              {
                "status": "affected",
                "version": "5.2.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45993",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T18:38:19.787557Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-122",
                "description": "CWE-122 Heap-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T18:41:36.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-30T16:44:24.571Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://giflib.com"
        },
        {
          "url": "https://gitlab.com/mthandazo/project-pov"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-45993",
    "datePublished": "2024-09-30T00:00:00.000Z",
    "dateReserved": "2024-09-11T00:00:00.000Z",
    "dateUpdated": "2024-09-30T18:41:36.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-31344 (GCVE-0-2025-31344)

Vulnerability from cvelistv5 – Published: 2025-04-14 07:49 – Updated: 2025-04-14 13:39

Title

The giflib open-source component has a buffer overflow vulnerability

Summary

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

openEuler

References

2 references

URL	Tags
https://www.openeuler.org/zh/security/security-bu…
https://gitee.com/src-openeuler/giflib/pulls/54

Impacted products

1 product

Vendor	Product	Version
openEuler	giflib	Affected: 0 , ≤ 5.2.2 (git)

Credits

Jiaxuan Song(m202372152@hust.edu.cn) bale.cen (cenxianlong@huawei.com)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-14T08:05:04.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/07/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/07/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/07/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/07/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/08/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/09/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/09/7"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/10/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-31344",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:36:32.164077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:39:00.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "packageName": "giflib",
          "platforms": [
            "Linux"
          ],
          "product": "giflib",
          "programFiles": [
            "gif2rgb.c"
          ],
          "repo": "https://gitee.com/src-openeuler/giflib",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "2c10c1abf8ff2e88b1da04e050bb721487b73fa3",
                  "status": "affected"
                }
              ],
              "lessThanOrEqual": "5.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jiaxuan Song(m202372152@hust.edu.cn)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "bale.cen (cenxianlong@huawei.com)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003egif2rgb.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects giflib: through 5.2.2.\u003c/p\u003e"
            }
          ],
          "value": "Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C.\n\nThis issue affects giflib: through 5.2.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-14T07:49:36.597Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1292"
        },
        {
          "url": "https://gitee.com/src-openeuler/giflib/pulls/54"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The giflib open-source component has a buffer overflow vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2025-31344",
    "datePublished": "2025-04-14T07:49:36.597Z",
    "dateReserved": "2025-03-28T07:29:55.637Z",
    "dateUpdated": "2025-04-14T13:39:00.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48924 (GCVE-0-2025-48924)

Vulnerability from cvelistv5 – Published: 2025-07-11 14:56 – Updated: 2025-11-04 22:06

Title

Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs

Summary

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-674 - Uncontrolled Recursion

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/bgv0lpswokgol11tl…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Apache Software Foundation	Apache Commons Lang	Affected: 2.0 , ≤ 2.6 (maven)
Apache Software Foundation	Apache Commons Lang	Affected: 3.0 , < 3.18.0 (maven)

Credits

OSS-Fuzz Issue 42522972

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-14T16:36:59.432024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-14T16:37:02.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T22:06:40.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/11/1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unknown",
          "packageName": "commons-lang:commons-lang",
          "product": "Apache Commons Lang",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.6",
              "status": "affected",
              "version": "2.0",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-lang3",
          "product": "Apache Commons Lang",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.18.0",
              "status": "affected",
              "version": "3.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "OSS-Fuzz Issue 42522972"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUncontrolled Recursion vulnerability in Apache Commons Lang.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons Lang: Starting with\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons-lang:commons-lang\u0026nbsp;\u003c/span\u003e2.0 to 2.6, and, from org.apache.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons:commons-lang3 3.0 before\u0026nbsp;\u003c/span\u003e3.18.0.\u003c/p\u003e\u003cp\u003eThe methods ClassUtils.getClass(...) can throw\u0026nbsp;StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u0026nbsp;cause an application to stop.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T14:56:58.049Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48924",
    "datePublished": "2025-07-11T14:56:58.049Z",
    "dateReserved": "2025-05-28T15:06:51.476Z",
    "dateUpdated": "2025-11-04T22:06:40.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61726 (GCVE-0-2025-61726)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:31

Title

Memory exhaustion in query parameter parsing in net/url

Summary

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

4 references

URL	Tags
https://go.dev/cl/736712
https://go.dev/issue/77101
https://groups.google.com/g/golang-announce/c/Vd2…
https://pkg.go.dev/vuln/GO-2026-4341

Impacted products

1 product

Vendor	Product	Version
Go standard library	net/url	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

jub0bs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:31:39.150633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:31:59.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/url",
          "product": "net/url",
          "programRoutines": [
            {
              "name": "parseQuery"
            },
            {
              "name": "ParseQuery"
            },
            {
              "name": "URL.Query"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jub0bs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.215Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736712"
        },
        {
          "url": "https://go.dev/issue/77101"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "title": "Memory exhaustion in query parameter parsing in net/url"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61726",
    "datePublished": "2026-01-28T19:30:31.215Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:31:59.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61728 (GCVE-0-2025-61728)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:30

Title

Excessive CPU consumption when building archive index in archive/zip

Summary

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

References

4 references

URL	Tags
https://go.dev/cl/736713
https://go.dev/issue/77102
https://groups.google.com/g/golang-announce/c/Vd2…
https://pkg.go.dev/vuln/GO-2026-4342

Impacted products

1 product

Vendor	Product	Version
Go standard library	archive/zip	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-28T20:08:22.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/01/15/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61728",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:29:58.068724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:30:24.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "archive/zip",
          "product": "archive/zip",
          "programRoutines": [
            {
              "name": "Reader.initFileList"
            },
            {
              "name": "Reader.Open"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.354Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736713"
        },
        {
          "url": "https://go.dev/issue/77102"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4342"
        }
      ],
      "title": "Excessive CPU consumption when building archive index in archive/zip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61728",
    "datePublished": "2026-01-28T19:30:31.354Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:30:24.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61770 (GCVE-0-2025-61770)

Vulnerability from cvelistv5 – Published: 2025-10-07 14:30 – Updated: 2025-10-07 15:43

Title

Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Summary

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level and monitoring memory and set per-process limits to prevent OOM conditions.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/rack/rack/security/advisories/…	x_refsource_CONFIRM
https://github.com/rack/rack/commit/589127f4ac8b5…	x_refsource_MISC
https://github.com/rack/rack/commit/d869fed663b11…	x_refsource_MISC
https://github.com/rack/rack/commit/e08f78c656c93…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
rack	rack	Affected: < 2.2.19 Affected: >= 3.1, < 3.1.17 Affected: >= 3.2, < 3.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-07T15:23:07.044511Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-07T15:43:06.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.1, \u003c 3.1.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2, \u003c 3.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level and monitoring memory and set per-process limits to prevent OOM conditions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-07T14:42:04.268Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"
        },
        {
          "name": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
        },
        {
          "name": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
        },
        {
          "name": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
        }
      ],
      "source": {
        "advisory": "GHSA-p543-xpfm-54cp",
        "discovery": "UNKNOWN"
      },
      "title": "Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61770",
    "datePublished": "2025-10-07T14:30:04.552Z",
    "dateReserved": "2025-09-30T19:43:49.900Z",
    "dateUpdated": "2025-10-07T15:43:06.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61771 (GCVE-0-2025-61771)

Vulnerability from cvelistv5 – Published: 2025-10-07 14:42 – Updated: 2025-10-07 17:52

Title

Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Summary

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS). Attackers can send large non-file fields to trigger excessive memory usage. Impact scales with request size and concurrency, potentially leading to worker crashes or severe garbage-collection overhead. All Rack applications processing multipart form submissions are affected. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a reasonable size cap for non-file fields (e.g., 2 MiB). Workarounds include restricting maximum request body size at the web-server or proxy layer (e.g., Nginx `client_max_body_size`) and validating and rejecting unusually large form fields at the application level.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/rack/rack/security/advisories/…	x_refsource_CONFIRM
https://github.com/rack/rack/commit/589127f4ac8b5…	x_refsource_MISC
https://github.com/rack/rack/commit/d869fed663b11…	x_refsource_MISC
https://github.com/rack/rack/commit/e08f78c656c93…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
rack	rack	Affected: < 2.2.19 Affected: >= 3.1, < 3.1.17 Affected: >= 3.2, < 3.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61771",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-07T17:51:58.348077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-07T17:52:09.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.1, \u003c 3.1.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2, \u003c 3.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS). Attackers can send large non-file fields to trigger excessive memory usage. Impact scales with request size and concurrency, potentially leading to worker crashes or severe garbage-collection overhead. All Rack applications processing multipart form submissions are affected. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a reasonable size cap for non-file fields (e.g., 2 MiB). Workarounds include restricting maximum request body size at the web-server or proxy layer (e.g., Nginx `client_max_body_size`) and validating and rejecting unusually large form fields at the application level."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-07T14:42:53.366Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"
        },
        {
          "name": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
        },
        {
          "name": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
        },
        {
          "name": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
        }
      ],
      "source": {
        "advisory": "GHSA-w9pc-fmgc-vxvw",
        "discovery": "UNKNOWN"
      },
      "title": "Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61771",
    "datePublished": "2025-10-07T14:42:53.366Z",
    "dateReserved": "2025-09-30T19:43:49.900Z",
    "dateUpdated": "2025-10-07T17:52:09.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61772 (GCVE-0-2025-61772)

Vulnerability from cvelistv5 – Published: 2025-10-07 15:02 – Updated: 2025-10-07 17:51

Title

Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Summary

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS). Attackers can send incomplete multipart headers to trigger high memory use, leading to process termination (OOM) or severe slowdown. The effect scales with request size limits and concurrency. All applications handling multipart uploads may be affected. Versions 2.2.19, 3.1.17, and 3.2.2 cap per-part header size (e.g., 64 KiB). As a workaround, restrict maximum request sizes at the proxy or web server layer (e.g., Nginx `client_max_body_size`).

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/rack/rack/security/advisories/…	x_refsource_CONFIRM
https://github.com/rack/rack/commit/589127f4ac8b5…	x_refsource_MISC
https://github.com/rack/rack/commit/d869fed663b11…	x_refsource_MISC
https://github.com/rack/rack/commit/e08f78c656c93…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
rack	rack	Affected: < 2.2.19 Affected: >= 3.1, < 3.1.17 Affected: >= 3.2, < 3.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-07T17:51:19.811672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-07T17:51:26.246Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.1, \u003c 3.1.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2, \u003c 3.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part\u2019s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS). Attackers can send incomplete multipart headers to trigger high memory use, leading to process termination (OOM) or severe slowdown. The effect scales with request size limits and concurrency. All applications handling multipart uploads may be affected. Versions 2.2.19, 3.1.17, and 3.2.2 cap per-part header size (e.g., 64 KiB). As a workaround, restrict maximum request sizes at the proxy or web server layer (e.g., Nginx `client_max_body_size`)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-07T15:02:09.895Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c"
        },
        {
          "name": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
        },
        {
          "name": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
        },
        {
          "name": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
        }
      ],
      "source": {
        "advisory": "GHSA-wpv5-97wm-hp9c",
        "discovery": "UNKNOWN"
      },
      "title": "Rack\u0027s multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61772",
    "datePublished": "2025-10-07T15:02:09.895Z",
    "dateReserved": "2025-09-30T19:43:49.901Z",
    "dateUpdated": "2025-10-07T17:51:26.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61919 (GCVE-0-2025-61919)

Vulnerability from cvelistv5 – Published: 2025-10-10 19:22 – Updated: 2025-10-10 20:48

Title

Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Summary

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/rack/rack/security/advisories/…	x_refsource_CONFIRM
https://github.com/rack/rack/commit/4e2c903991a79…	x_refsource_MISC
https://github.com/rack/rack/commit/cbd541e8a3d0c…	x_refsource_MISC
https://github.com/rack/rack/commit/e179614c4a653…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
rack	rack	Affected: < 2.2.20 Affected: >= 3.0, < 3.1.18 Affected: >= 3.2, < 3.2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T20:48:10.264464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-10T20:48:20.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0, \u003c 3.1.18"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2, \u003c 3.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-10T19:22:42.454Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
        },
        {
          "name": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
        },
        {
          "name": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
        },
        {
          "name": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
        }
      ],
      "source": {
        "advisory": "GHSA-6xw4-3v39-52mm",
        "discovery": "UNKNOWN"
      },
      "title": "Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61919",
    "datePublished": "2025-10-10T19:22:42.454Z",
    "dateReserved": "2025-10-03T22:21:59.615Z",
    "dateUpdated": "2025-10-10T20:48:20.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from cleanstart

CVE-2024-45993 (GCVE-0-2024-45993)

CVE-2025-31344 (GCVE-0-2025-31344)

CVE-2025-48924 (GCVE-0-2025-48924)

CVE-2025-61726 (GCVE-0-2025-61726)

CVE-2025-61728 (GCVE-0-2025-61728)

CVE-2025-61770 (GCVE-0-2025-61770)

CVE-2025-61771 (GCVE-0-2025-61771)

CVE-2025-61772 (GCVE-0-2025-61772)

CVE-2025-61919 (GCVE-0-2025-61919)

Tags

Sightings

Nomenclature