{ "threat_severity" : "Important", "public_date" : "2025-10-07T14:30:04Z", "bugzilla" : { "description" : "rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)", "id" : "2402174", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402174" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level and monitoring memory and set per-process limits to prevent OOM conditions.", "A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue." ], "statement" : "This is IMPORTANT because the vulnerability can be exploited over a network and can cause denial of service on such applications that run the vulnerable Rack code. By sending multipart requests with large preambles, an attacker can exhaust memory resources or crash worker processes, leading to service downtime.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-11-03T00:00:00Z", "advisory" : "RHSA-2025:19513", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "pcs-0:0.12.0-3.el10_0.3" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-11-11T00:00:00Z", "advisory" : "RHSA-2025:21036", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "pcs-0:0.12.1-1.el10_1.1" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-11-18T00:00:00Z", "advisory" : "RHSA-2025:21696", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "pcs-0:0.9.169-3.el7_9.5" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19719", "cpe" : "cpe:/a:redhat:enterprise_linux:8::highavailability", "package" : "pcs-0:0.10.18-2.el8_10.7" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2025-11-10T00:00:00Z", "advisory" : "RHSA-2025:19948", "cpe" : "cpe:/a:redhat:rhel_aus:8.4::highavailability", "package" : "pcs-0:0.10.8-1.el8_4.8" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2025-11-10T00:00:00Z", "advisory" : "RHSA-2025:19948", "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability", "package" : "pcs-0:0.10.8-1.el8_4.8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19734", "cpe" : "cpe:/a:redhat:rhel_tus:8.6::highavailability", "package" : "pcs-0:0.10.12-6.el8_6.10" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19734", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6::highavailability", "package" : "pcs-0:0.10.12-6.el8_6.10" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19647", "cpe" : "cpe:/a:redhat:rhel_tus:8.8::highavailability", "package" : "pcs-0:0.10.15-4.el8_8.9" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19647", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8::highavailability", "package" : "pcs-0:0.10.15-4.el8_8.9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-11-03T00:00:00Z", "advisory" : "RHSA-2025:19512", "cpe" : "cpe:/a:redhat:enterprise_linux:9::highavailability", "package" : "pcs-0:0.11.9-2.el9_6.2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-11-11T00:00:00Z", "advisory" : "RHSA-2025:20962", "cpe" : "cpe:/a:redhat:enterprise_linux:9::highavailability", "package" : "pcs-0:0.11.10-1.el9_7.1" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-11-05T00:00:00Z", "advisory" : "RHSA-2025:19800", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::highavailability", "package" : "pcs-0:0.11.1-10.el9_0.9" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19733", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::highavailability", "package" : "pcs-0:0.11.4-7.el9_2.6" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19736", "cpe" : "cpe:/a:redhat:rhel_eus:9.4::highavailability", "package" : "pcs-0:0.11.7-2.el9_4.5" } ], "package_state" : [ { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/fluentd-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/fluentd-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/logging-view-plugin-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp21/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp22/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp24/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp25/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp26/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/zync-rhel7", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/zync-rhel8", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/zync-rhel9", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "ruby:2.5/ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "ruby:3.3/ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "ruby:3.3/ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/code-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces-tech-preview/idea-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-cinder-api", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-cinder-backup", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-cinder-scheduler", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-cinder-volume", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-cron", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-dependencies", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-etcd", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-fluentd", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-haproxy", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-iscsid", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-manila-api", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-manila-scheduler", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-manila-share", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-mariadb", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-memcached", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-multipathd", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-nova-libvirt", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-openvswitch-base", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-ovn-controller", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-ovn-nb-db-server", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-ovn-northd", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-ovn-sb-db-server", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-qdrouterd", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-rabbitmq", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-redis", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-redis-base", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-sensu-base", "cpe" : "cpe:/a:redhat:openstack:13" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-61770\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61770\nhttps://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e\nhttps://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e\nhttps://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd\nhttps://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp" ], "name" : "CVE-2025-61770", "csaw" : false }