CVE-2024-25126

Rack ReDos in content type parsing (2nd degree polynomial)

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.

Rack es una interfaz modular de servidor web Ruby. Los encabezados de tipo de contenido cuidadosamente elaborados pueden hacer que el analizador de tipo de medios de Rack demore mucho más de lo esperado, lo que lleva a una posible vulnerabilidad de denegación de servicio (polinomio de segundo grado de ReDos). Esta vulnerabilidad está parcheada en 3.0.9.1 y 2.2.8.1.

A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability.

It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-05 CVE Reserved
2024-02-28 CVE Published
2025-02-13 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1333: Inefficient Regular Expression Complexity

CAPEC

References (9)

URL	Tag	Source
https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941	X_refsource_misc
https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462	X_refsource_misc
https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49	X_refsource_misc
https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx	X_refsource_confirm
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml	X_refsource_misc
https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html
https://security.netapp.com/advisory/ntap-20240510-0005

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-25126	2024-05-28
https://bugzilla.redhat.com/show_bug.cgi?id=2265593	2024-05-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rack Search vendor "Rack"		Rack Search vendor "Rack" for product "Rack"				>= 3.0.0.0 < 3.0.9.1 Search vendor "Rack" for product "Rack" and version " >= 3.0.0.0 < 3.0.9.1"		en		Affected
Rack Search vendor "Rack"		Rack Search vendor "Rack" for product "Rack"				>= 0.4.0.0 < 2.2.8.1 Search vendor "Rack" for product "Rack" and version " >= 0.4.0.0 < 2.2.8.1"		en		Affected