csaf_redhat - rhsa-2025:21696

rhsa-2025:21696

Vulnerability from csaf_redhat

Published

2025-11-18 14:42

Modified

2025-11-21 19:31

Summary

Red Hat Security Advisory: pcs security update

Notes

Topic

An update for pcs is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770) * rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771) * rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for pcs is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)\n\n* rack: Rack\u0027s multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)\n\n* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:21696",
        "url": "https://access.redhat.com/errata/RHSA-2025:21696"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2402174",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
      },
      {
        "category": "external",
        "summary": "2402175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
      },
      {
        "category": "external",
        "summary": "2403180",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21696.json"
      }
    ],
    "title": "Red Hat Security Advisory: pcs security update",
    "tracking": {
      "current_release_date": "2025-11-21T19:31:51+00:00",
      "generator": {
        "date": "2025-11-21T19:31:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2025:21696",
      "initial_release_date": "2025-11-18T14:42:26+00:00",
      "revision_history": [
        {
          "date": "2025-11-18T14:42:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-18T14:42:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T19:31:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
                  "product_id": "7Server-HighAvailability-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
                  "product_id": "7Server-ResilientStorage-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pcs-0:0.9.169-3.el7_9.5.src",
                "product": {
                  "name": "pcs-0:0.9.169-3.el7_9.5.src",
                  "product_id": "pcs-0:0.9.169-3.el7_9.5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pcs-0:0.9.169-3.el7_9.5.x86_64",
                "product": {
                  "name": "pcs-0:0.9.169-3.el7_9.5.x86_64",
                  "product_id": "pcs-0:0.9.169-3.el7_9.5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
                "product": {
                  "name": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
                  "product_id": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs-snmp@0.9.169-3.el7_9.5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
                "product": {
                  "name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
                  "product_id": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.169-3.el7_9.5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
                "product": {
                  "name": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
                  "product_id": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.5?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
                "product": {
                  "name": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
                  "product_id": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs-snmp@0.9.169-3.el7_9.5?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
                "product": {
                  "name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
                  "product_id": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.169-3.el7_9.5?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
          "product_id": "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le"
        },
        "product_reference": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
        "relates_to_product_reference": "7Server-HighAvailability-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.169-3.el7_9.5.src as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
          "product_id": "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src"
        },
        "product_reference": "pcs-0:0.9.169-3.el7_9.5.src",
        "relates_to_product_reference": "7Server-HighAvailability-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
          "product_id": "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64"
        },
        "product_reference": "pcs-0:0.9.169-3.el7_9.5.x86_64",
        "relates_to_product_reference": "7Server-HighAvailability-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
          "product_id": "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le"
        },
        "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
        "relates_to_product_reference": "7Server-HighAvailability-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
          "product_id": "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64"
        },
        "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
        "relates_to_product_reference": "7Server-HighAvailability-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
          "product_id": "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le"
        },
        "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
        "relates_to_product_reference": "7Server-HighAvailability-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
          "product_id": "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
        },
        "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
        "relates_to_product_reference": "7Server-HighAvailability-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
          "product_id": "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le"
        },
        "product_reference": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
        "relates_to_product_reference": "7Server-ResilientStorage-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.169-3.el7_9.5.src as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
          "product_id": "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src"
        },
        "product_reference": "pcs-0:0.9.169-3.el7_9.5.src",
        "relates_to_product_reference": "7Server-ResilientStorage-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
          "product_id": "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64"
        },
        "product_reference": "pcs-0:0.9.169-3.el7_9.5.x86_64",
        "relates_to_product_reference": "7Server-ResilientStorage-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
          "product_id": "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le"
        },
        "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
        "relates_to_product_reference": "7Server-ResilientStorage-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
          "product_id": "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64"
        },
        "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
        "relates_to_product_reference": "7Server-ResilientStorage-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
          "product_id": "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le"
        },
        "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
        "relates_to_product_reference": "7Server-ResilientStorage-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
          "product_id": "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
        },
        "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
        "relates_to_product_reference": "7Server-ResilientStorage-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61770",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-10-07T15:01:10.718770+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2402174"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level and monitoring memory and set per-process limits to prevent OOM conditions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is IMPORTANT because the vulnerability can be exploited over a network and can cause denial of service on such applications that run the vulnerable Rack code. By sending multipart requests with large preambles, an attacker can exhaust memory resources or crash worker processes, leading to service downtime.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61770"
        },
        {
          "category": "external",
          "summary": "RHBZ#2402174",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
          "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
          "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
          "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp",
          "url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"
        }
      ],
      "release_date": "2025-10-07T14:30:04.552000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T14:42:26+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21696"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)"
    },
    {
      "cve": "CVE-2025-61771",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "discovery_date": "2025-10-07T15:01:16.223161+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2402175"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS). Attackers can send large non-file fields to trigger excessive memory usage. Impact scales with request size and concurrency, potentially leading to worker crashes or severe garbage-collection overhead. All Rack applications processing multipart form submissions are affected. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a reasonable size cap for non-file fields (e.g., 2 MiB). Workarounds include restricting maximum request body size at the web-server or proxy layer (e.g., Nginx `client_max_body_size`) and validating and rejecting unusually large form fields at the application level.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact is IMPORTANT because this happens over a network and causes a denial of service. Large non-file fields are buffered in memory instead of being streamed or capped, leading to memory exhaustion and worker crashes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61771"
        },
        {
          "category": "external",
          "summary": "RHBZ#2402175",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61771",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
          "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
          "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
          "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw",
          "url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"
        }
      ],
      "release_date": "2025-10-07T14:42:53.366000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T14:42:26+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21696"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)"
    },
    {
      "cve": "CVE-2025-61919",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-10-10T20:01:19.001907+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2403180"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "~~~\n\nAffectedness:\n\nRack 1.x, including 1.6.x, is not affected by this vulnerability. The issue exists only in Rack 2.x and 3.x, where request parsing was refactored into the QueryParser component. Since Rack 1.x does not include this component, it does not contain the vulnerable logic.\n\nRuby 2.x and 3.x versions shipped with Red Hat Enterprise Linux, Red Hat Openshift Core OS (RHOCS) and Red Hat In-Vehicle OS (RHIVOS) are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
          "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
          "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
          "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
          "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61919"
        },
        {
          "category": "external",
          "summary": "RHBZ#2403180",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
          "url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
          "url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
          "url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
        },
        {
          "category": "external",
          "summary": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
          "url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
        }
      ],
      "release_date": "2025-10-10T19:22:42.454000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T14:42:26+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21696"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability beyond these configuration-based workarounds.",
          "product_ids": [
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
            "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
            "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion"
    }
  ]
}

CVE-2025-61771 (GCVE-0-2025-61771)

Vulnerability from cvelistv5

Published

2025-10-07 14:42

Modified

2025-10-07 17:52

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS). Attackers can send large non-file fields to trigger excessive memory usage. Impact scales with request size and concurrency, potentially leading to worker crashes or severe garbage-collection overhead. All Rack applications processing multipart form submissions are affected. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a reasonable size cap for non-file fields (e.g., 2 MiB). Workarounds include restricting maximum request body size at the web-server or proxy layer (e.g., Nginx `client_max_body_size`) and validating and rejecting unusually large form fields at the application level.

References

URL

Tags

	https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw	x_refsource_CONFIRM
	https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e	x_refsource_MISC
	https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e	x_refsource_MISC
	https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	rack	rack	Version: < 2.2.19 Version: >= 3.1, < 3.1.17 Version: >= 3.2, < 3.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61771",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-07T17:51:58.348077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-07T17:52:09.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.1, \u003c 3.1.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2, \u003c 3.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS). Attackers can send large non-file fields to trigger excessive memory usage. Impact scales with request size and concurrency, potentially leading to worker crashes or severe garbage-collection overhead. All Rack applications processing multipart form submissions are affected. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a reasonable size cap for non-file fields (e.g., 2 MiB). Workarounds include restricting maximum request body size at the web-server or proxy layer (e.g., Nginx `client_max_body_size`) and validating and rejecting unusually large form fields at the application level."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-07T14:42:53.366Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"
        },
        {
          "name": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
        },
        {
          "name": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
        },
        {
          "name": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
        }
      ],
      "source": {
        "advisory": "GHSA-w9pc-fmgc-vxvw",
        "discovery": "UNKNOWN"
      },
      "title": "Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61771",
    "datePublished": "2025-10-07T14:42:53.366Z",
    "dateReserved": "2025-09-30T19:43:49.900Z",
    "dateUpdated": "2025-10-07T17:52:09.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61919 (GCVE-0-2025-61919)

Vulnerability from cvelistv5

Published

2025-10-10 19:22

Modified

2025-10-10 20:48

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).

References

URL

Tags

	https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm	x_refsource_CONFIRM
	https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881	x_refsource_MISC
	https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db	x_refsource_MISC
	https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	rack	rack	Version: < 2.2.20 Version: >= 3.0, < 3.1.18 Version: >= 3.2, < 3.2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T20:48:10.264464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-10T20:48:20.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0, \u003c 3.1.18"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2, \u003c 3.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-10T19:22:42.454Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
        },
        {
          "name": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
        },
        {
          "name": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
        },
        {
          "name": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
        }
      ],
      "source": {
        "advisory": "GHSA-6xw4-3v39-52mm",
        "discovery": "UNKNOWN"
      },
      "title": "Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61919",
    "datePublished": "2025-10-10T19:22:42.454Z",
    "dateReserved": "2025-10-03T22:21:59.615Z",
    "dateUpdated": "2025-10-10T20:48:20.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61770 (GCVE-0-2025-61770)

Vulnerability from cvelistv5

Published

2025-10-07 14:30

Modified

2025-10-07 15:43

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level and monitoring memory and set per-process limits to prevent OOM conditions.

References

URL

Tags

	https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp	x_refsource_CONFIRM
	https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e	x_refsource_MISC
	https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e	x_refsource_MISC
	https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	rack	rack	Version: < 2.2.19 Version: >= 3.1, < 3.1.17 Version: >= 3.2, < 3.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-07T15:23:07.044511Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-07T15:43:06.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.1, \u003c 3.1.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2, \u003c 3.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level and monitoring memory and set per-process limits to prevent OOM conditions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-07T14:42:04.268Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"
        },
        {
          "name": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
        },
        {
          "name": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
        },
        {
          "name": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
        }
      ],
      "source": {
        "advisory": "GHSA-p543-xpfm-54cp",
        "discovery": "UNKNOWN"
      },
      "title": "Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61770",
    "datePublished": "2025-10-07T14:30:04.552Z",
    "dateReserved": "2025-09-30T19:43:49.900Z",
    "dateUpdated": "2025-10-07T15:43:06.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:21696

Vulnerability from csaf_redhat

CVE-2025-61771 (GCVE-0-2025-61771)

Vulnerability from cvelistv5

CVE-2025-61919 (GCVE-0-2025-61919)

Vulnerability from cvelistv5

CVE-2025-61770 (GCVE-0-2025-61770)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature