CNNVD-202510-1052 Information

CNNVD ID

CNNVD-202510-1052

CVE-2025-61770

  • CNNVD Published: 2025-10-07

Description (Chinese, translated)

Rack is a modular Ruby web server interface from the Rack open-source project. Rack versions before 2.2.19, before 3.1.17 and before 3.2.2 contain a resource management error vulnerability, which stems from Rack::Multipart::Parser buffering the multipart preamble without limit; this can lead to memory exhaustion and process termination.

Description (English)

Rack is a modular Ruby web server interface from the Rack open-source project. A resource management error vulnerability exists in Rack versions before 2.2.19, before 3.1.17 and before 3.2.2. It stems from Rack::Multipart::Parser buffering the multipart preamble without limit, which may lead to memory exhaustion and process termination.

Hazard Level

Medium

Vulnerability Type

Resource Management Error

Affected Vendor

Rack

Published

2025-10-07

Last Modified

2026-02-24

References

  • https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
  • https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
  • https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
  • https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
  • https://vigilance.fr/vulnerability/Rack-five-vulnerabilities-dated-03-11-2025-48633