CVE-2025-61772

Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVSS 7.5 HIGH · EPSS 0.8% · CWE-400
In short

Rack's multipart parser doesn't limit how much data it stores for each part's headers, so an attacker can send incomplete headers that never end, filling up server memory until it crashes. This is a denial of service attack that affects any web application using Rack to handle file uploads.

Technical detail

CVE-2025-61772 is a memory exhaustion vulnerability in Rack::Multipart::Parser (CWE-400) where incomplete multipart headers lacking the terminating CRLFCRLF sequence cause unbounded buffering of per-part header data. The attack vector is unauthenticated remote; an attacker sends malformed multipart requests with incomplete headers to exhaust server memory and trigger OOM or process termination. Versions before 2.2.19, 3.1.17, and 3.2.2 are affected; patched versions implement a per-part header size cap (64 KiB).

Summary generated and translated by AI from the official description.
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS). Attackers can send incomplete multipart headers to trigger high memory use, leading to process termination (OOM) or severe slowdown. The effect scales with request size limits and concurrency. All applications handling multipart uploads may be affected. Versions 2.2.19, 3.1.17, and 3.2.2 cap per-part header size (e.g., 64 KiB). As a workaround, restrict maximum request sizes at the proxy or web server layer (e.g., Nginx `client_max_body_size`).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
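The mechanism above, as an added illustration that is not Rack's own parser code: a minimal reader for one multipart part's header block that applies the kind of per-part cap the patched versions introduce. `MAX_HEADER_BYTES`, the error classes and the chunked-input shape are assumptions made for the example; the 64 KiB figure is the one the advisory names.

```ruby
# Added example, not code from Rack. Reads one multipart part's header block
# (everything up to the blank line, CRLFCRLF) from a stream of chunks while
# capping how many unterminated header bytes may be buffered.
MAX_HEADER_BYTES = 64 * 1024 # 64 KiB per-part cap, as in the fixed releases

class HeaderTooLarge < StandardError; end
class MalformedHeader < StandardError; end

# Returns the raw header block (without the CRLFCRLF terminator).
# `chunks` stands in for whatever the parser reads from the request body.
def read_part_header_block(chunks, max_bytes: MAX_HEADER_BYTES)
  buf = +""
  chunks.each do |chunk|
    buf << chunk
    # Search the whole buffer after each append so a CRLFCRLF that is split
    # across two chunks is still found.
    if (idx = buf.index("\r\n\r\n"))
      return buf[0, idx]
    end
    # The unpatched parser keeps appending here with no bound; this check is
    # the behaviour the fix adds.
    if buf.bytesize > max_bytes
      raise HeaderTooLarge, "part header exceeds #{max_bytes} bytes without terminating"
    end
  end
  raise MalformedHeader, "stream ended before the header block terminated"
end

# Parses the capped header block into a name => value hash (names downcased).
def parse_part_headers(chunks, max_bytes: MAX_HEADER_BYTES)
  block = read_part_header_block(chunks, max_bytes: max_bytes)
  block.split("\r\n").each_with_object({}) do |line, headers|
    name, value = line.split(":", 2)
    raise MalformedHeader, "bad header line: #{line.inspect}" if value.nil?
    headers[name.strip.downcase] = value.strip
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a well-formed part header split across two chunks.
  good = ["Content-Disposition: form-data; name=\"file\"; filename=\"a.txt\"\r\n",
          "Content-Type: text/plain\r\n\r\nfile body..."]
  p parse_part_headers(good)
  # Constructed sample: header lines that never terminate; rejected at the cap
  # instead of being buffered without limit.
  begin
    parse_part_headers(Array.new(70) { "X-Pad: #{'a' * 1017}\r\n" })
  rescue HeaderTooLarge => e
    puts "rejected: #{e.message}"
  end
end
```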
Affected products
rack · rack
