| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| rack | rubygems | < 2.2.19 | 2.2.19 |
| rack | rubygems | >= 3.1, < 3.1.17 | 3.1.17 |
| rack | rubygems | >= 3.2, < 3.2.2 | 3.2.2 |
Analysis of the provided patches shows that the vulnerability lies in the `Rack::Multipart::Parser` class, specifically in the two methods that handle the initial parsing of a multipart request. The provided commits address unbounded memory allocation in `handle_fast_forward` and `handle_mime_head`.
The vulnerability description provided (GHSA-w9pc-fmgc-vxvw) focuses on the buffering of large non-file fields, which is a slightly different issue (related to CVE-2025-61771). The provided patches, however, are for CVE-2025-61770 (unbounded preamble buffering) and CVE-2025-61772 (unbounded header buffering). Since the task is to analyze the provided patches, the vulnerable functions identified here are the ones fixed in those commits.
`Rack::Multipart::Parser.handle_fast_forward`: This function was vulnerable because it placed no size limit on the data buffered while searching for the first multipart boundary. A request body that never contains the boundary therefore makes the buffer grow until the application runs out of memory.
`Rack::Multipart::Parser.handle_mime_head`: Similarly, this function was vulnerable because it placed no size limit on the data buffered for a part's headers. A part with an extremely large header block therefore leads to the same memory exhaustion.
During exploitation, a profiler would show these two functions executing repeatedly as they consume the request body, with memory usage climbing until the process crashes. These two functions are therefore the key runtime indicators for this vulnerability.
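The following is an added illustration of the mitigation class the patches apply, not Rack's own code: a small Ruby scanner that caps both the preamble buffered before the first boundary and the size of a part's header block, raising instead of growing the buffer without bound. The limit values, class and method names, and the sample body are assumptions constructed for the example.

```ruby
require 'stringio'
# Added example (not Rack's code): bounds the bytes buffered while skipping the
# preamble and while collecting a part's MIME headers. Limits are assumptions.
class BoundedMultipartScanner
  class TooLarge < StandardError; end
  PREAMBLE_LIMIT = 16 * 1024 # assumed cap on bytes before the first boundary
  HEADER_LIMIT   = 8 * 1024  # assumed cap on one part's header block
  def initialize(io, boundary)
    @io    = io
    @delim = "--#{boundary}".b
    @buf   = String.new(encoding: Encoding::BINARY)
  end
  # Discard the preamble up to and including the first delimiter line.
  def fast_forward
    idx  = buffer_until(@delim, PREAMBLE_LIMIT, "preamble")
    @buf = @buf[(idx + @delim.bytesize)..]
    @buf.sub!(/\A\r\n/, "") # CRLF that ends the delimiter line
  end
  # Return the next part's headers as a {lowercase_name => value} hash.
  def read_mime_head
    idx  = buffer_until("\r\n\r\n", HEADER_LIMIT, "part header")
    head = @buf[0, idx]
    @buf = @buf[(idx + 4)..]
    head.split("\r\n").each_with_object({}) do |line, h|
      name, value = line.split(":", 2)
      h[name.strip.downcase] = value.strip if name && value
    end
  end
  # Grow @buf until `token` appears; the scanned region (bytes before the
  # token, or the whole buffer if it is absent) may never exceed `limit`.
  def buffer_until(token, limit, what)
    loop do
      idx     = @buf.index(token)
      scanned = idx || @buf.bytesize
      raise TooLarge, "#{what} exceeds #{limit} bytes" if scanned > limit
      return idx if idx
      chunk = @io.read(4096) # read the body incrementally, never whole
      raise EOFError, "body ended while scanning #{what}" if chunk.nil?
      @buf << chunk
    end
  end
end

# Constructed sample body: short preamble, one text part, closing delimiter.
SAMPLE_BODY = "junk preamble\r\n--XYZ\r\nContent-Type: text/plain\r\n\r\nhi\r\n--XYZ--\r\n"

# Run both bounded phases on a body string and return the first part's headers.
def first_part_headers(body, boundary)
  s = BoundedMultipartScanner.new(StringIO.new(body.b), boundary)
  s.fast_forward
  s.read_mime_head
end
```

With the limits above, a body whose preamble never reaches a boundary or whose first header block exceeds 8 KiB is rejected with `TooLarge` after reading at most a bounded number of chunks, which is the behaviour the patched Rack methods aim for.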