CVE-2024-26141

Possible DoS Vulnerability with Range Header in Rack

CVSS 5.8 MEDIUM · EPSS 1.6% · CWE-400
In short

A flaw in Rack's Range header handling allows attackers to craft special requests that trick the server into sending extremely large responses, overwhelming it and making it unavailable to legitimate users.

Technical detail

The vulnerability lies in the Rack::File middleware and the Rack::Utils.byte_ranges method, where maliciously crafted Range headers are not validated tightly enough, so a single request can make the server allocate and transmit far more data than the requested resource itself contains. This affects Rails applications and any other Rack-based server that serves byte ranges, and leads to denial of service through the memory and network bandwidth consumed in generating the unexpectedly large responses.

Summary generated and translated by AI from the official description.

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
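To make the amplification concrete, here is an added Ruby example (written for this page, not code from Rack or from the advisory) that parses a Range header the way a byte-range helper such as `Rack::Utils.byte_ranges` must, and then sizes the multipart response before serving it. The `RangeGuard` module, the `MAX_RANGES` limit and the "reject when the ranges add up to more than the resource" rule are illustrative assumptions, not a quotation of the upstream fix; the header values in the demo are constructed inputs.

```ruby
# Added example for illustration; not code from Rack or from this advisory.
# A minimal RFC 7233 byte-range parser modelled on the job Rack::Utils.byte_ranges
# does, plus an amplification guard. The thresholds below are assumptions for
# illustration, not a quotation of the upstream fix.
module RangeGuard
  # Assumed limit on the number of byte-range-spec entries accepted per request.
  MAX_RANGES = 16

  # Parse an HTTP Range header value ("bytes=first-last, -suffix, first-")
  # against a resource of +size+ bytes. Returns an Array of inclusive Ranges,
  # [] when no range is satisfiable, or nil when the header is absent/unparsable.
  def self.parse_byte_ranges(http_range, size)
    return nil unless http_range && http_range =~ /\Abytes=(.+)\z/i
    specs = Regexp.last_match(1).split(/,\s*/)
    ranges = []
    specs.each do |spec|
      return nil unless spec =~ /\A(\d*)-(\d*)\z/
      first, last = Regexp.last_match(1), Regexp.last_match(2)
      if first.empty?
        # suffix-byte-range-spec: the final N bytes of the resource
        return nil if last.empty?
        n = last.to_i
        return nil if n.zero?
        r0 = [size - n, 0].max
        r1 = size - 1
      else
        r0 = first.to_i
        r1 = last.empty? ? size - 1 : last.to_i
        return nil if r1 < r0          # syntactically invalid byte-range-spec
        r1 = size - 1 if r1 >= size    # clamp an over-long last-byte-pos
      end
      ranges << (r0..r1) if r0 <= r1   # drop ranges that start past the end
    end
    ranges
  end

  # Classify a Range request before any bytes are read. The body of a
  # multipart/byteranges reply is the sum of the range sizes, so a header that
  # repeats or overlaps ranges can request many times the resource size in one
  # round trip; that is the amplification this guard refuses.
  def self.assess(http_range, size)
    ranges = parse_byte_ranges(http_range, size)
    return { verdict: :ignore_range, bytes: size } if ranges.nil?   # serve whole resource (200)
    return { verdict: :unsatisfiable, bytes: 0 } if ranges.empty?  # 416 Range Not Satisfiable
    total = ranges.sum(&:size)
    if ranges.length > MAX_RANGES || total > size
      return { verdict: :reject, bytes: total }
    end
    { verdict: :serve, bytes: total, ranges: ranges }
  end
end

if __FILE__ == $PROGRAM_NAME
  size = 10_000 # constructed resource size in bytes
  {
    'benign'     => 'bytes=0-499, 9000-',
    'overlap'    => 'bytes=0-5000, 2500-7500',
    'repeat x50' => 'bytes=' + (['0-'] * 50).join(',')
  }.each do |label, header|
    r = RangeGuard.assess(header, size)
    puts format('%-10s %-13s bytes=%-7d %s', label, r[:verdict], r[:bytes], header[0, 40])
  end
end
```

The point of the check is that the decision is made from the parsed header and the resource size alone, before any file reads or buffer allocations, so a request asking for fifty copies of a 10 kB file costs the server a few comparisons rather than 500 kB of output. Returning `:ignore_range` for an unparsable header mirrors the usual behaviour of falling back to a plain 200 response with the whole resource, which is bounded by the resource size and therefore not amplifying.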
Affected products
rack · rack
