
CVE-2022-44572: Denial of service via multipart parsing in Rack

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.48363%
Published: 1/18/2023
Updated: 10/23/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name  Ecosystem  Vulnerable Versions      First Patched Version
rack          rubygems   >= 2.0.0, < 2.0.9.2      2.0.9.2
rack          rubygems   >= 2.1.0.0, < 2.1.4.2    2.1.4.2
rack          rubygems   >= 2.2.0.0, < 2.2.6.1    2.2.6.1
rack          rubygems   >= 3.0.0.0, < 3.0.4.1    3.0.4.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from inefficient regex handling in multipart boundary parsing (CWE-1333, Inefficient Regular Expression Complexity). The patches explicitly forbid control characters in attributes, indicating that the vulnerable functions were involved in parsing multipart headers and boundaries. Rack's multipart parser (parser.rb) is the logical component handling this logic. The combination of the CWE-1333 reference and the patch's focus on attribute validation strongly points to regex-based parsing functions in this module as the root cause.
