{ "threat_severity" : "Moderate", "public_date" : "2025-10-07T15:02:09Z", "bugzilla" : { "description" : "rack: Rack memory exhaustion denial of service", "id" : "2402200", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402200" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS). Attackers can send incomplete multipart headers to trigger high memory use, leading to process termination (OOM) or severe slowdown. The effect scales with request size limits and concurrency. All applications handling multipart uploads may be affected. Versions 2.2.19, 3.1.17, and 3.2.2 cap per-part header size (e.g., 64 KiB). As a workaround, restrict maximum request sizes at the proxy or web server layer (e.g., Nginx `client_max_body_size`).", "A denial of service flaw has been found in the rubygems rack package. `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS)." ], "statement" : "The availability risk to Red Hat systems is limited to the application which has integrated rack. The host operating system availability is not at risk.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-11-03T00:00:00Z", "advisory" : "RHSA-2025:19513", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "pcs-0:0.12.0-3.el10_0.3" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-11-11T00:00:00Z", "advisory" : "RHSA-2025:21036", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "pcs-0:0.12.1-1.el10_1.1" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19719", "cpe" : "cpe:/a:redhat:enterprise_linux:8::highavailability", "package" : "pcs-0:0.10.18-2.el8_10.7" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2025-11-10T00:00:00Z", "advisory" : "RHSA-2025:19948", "cpe" : "cpe:/a:redhat:rhel_aus:8.4::highavailability", "package" : "pcs-0:0.10.8-1.el8_4.8" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2025-11-10T00:00:00Z", "advisory" : "RHSA-2025:19948", "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability", "package" : "pcs-0:0.10.8-1.el8_4.8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19734", "cpe" : "cpe:/a:redhat:rhel_tus:8.6::highavailability", "package" : "pcs-0:0.10.12-6.el8_6.10" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19734", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6::highavailability", "package" : "pcs-0:0.10.12-6.el8_6.10" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19647", "cpe" : "cpe:/a:redhat:rhel_tus:8.8::highavailability", "package" : "pcs-0:0.10.15-4.el8_8.9" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19647", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8::highavailability", "package" : "pcs-0:0.10.15-4.el8_8.9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-11-03T00:00:00Z", "advisory" : "RHSA-2025:19512", "cpe" : "cpe:/a:redhat:enterprise_linux:9::highavailability", "package" : "pcs-0:0.11.9-2.el9_6.2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-11-11T00:00:00Z", "advisory" : "RHSA-2025:20962", "cpe" : "cpe:/a:redhat:enterprise_linux:9::highavailability", "package" : "pcs-0:0.11.10-1.el9_7.1" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-11-05T00:00:00Z", "advisory" : "RHSA-2025:19800", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::highavailability", "package" : "pcs-0:0.11.1-10.el9_0.9" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19733", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::highavailability", "package" : "pcs-0:0.11.4-7.el9_2.6" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19736", "cpe" : "cpe:/a:redhat:rhel_eus:9.4::highavailability", "package" : "pcs-0:0.11.7-2.el9_4.5" } ], "package_state" : [ { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/fluentd-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/fluentd-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/logging-view-plugin-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp21/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp22/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp24/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp25/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp26/zync", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp2/zync-rhel7", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp2/zync-rhel8", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp2/zync-rhel9", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp-zync-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "rhel10/ruby-33", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "ubi10/ruby-33", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "rhel8/ruby-25", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "rhel8/ruby-33", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "ubi8/ruby-25", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "ubi8/ruby-33", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "rhel9/ruby-30", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "rhel9/ruby-31", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "rhel9/ruby-33", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "ubi9/ruby-30", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "ubi9/ruby-31", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "ubi9/ruby-33", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Fix deferred", "package_name" : "rhosp13/openstack-cinder-backup", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Fix deferred", "package_name" : "rhosp13/openstack-cinder-volume", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Fix deferred", "package_name" : "rhosp13/openstack-haproxy", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Fix deferred", "package_name" : "rhosp13/openstack-manila-share", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Fix deferred", "package_name" : "rhosp13/openstack-mariadb", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Fix deferred", "package_name" : "rhosp13/openstack-ovn-northd", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Fix deferred", "package_name" : "rhosp13/openstack-rabbitmq", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Fix deferred", "package_name" : "rhosp13/openstack-redis", "cpe" : "cpe:/a:redhat:openstack:13" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-61772\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61772\nhttps://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e\nhttps://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e\nhttps://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd\nhttps://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c" ], "name" : "CVE-2025-61772", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }