{
  "threat_severity" : "Important",
  "public_date" : "2025-10-10T19:22:42Z",
  "bugzilla" : {
    "description" : "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion",
    "id" : "2403180",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, any of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce a strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).", "A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size." ],
  "statement" : "~~~\nAffectedness:\nRack 1.x, including 1.6.x, is not affected by this vulnerability. The issue exists only in Rack 2.x and 3.x, where request parsing was refactored into the QueryParser component. Since Rack 1.x does not include this component, it does not contain the vulnerable logic.\nRuby 2.x and 3.x versions shipped with Red Hat Enterprise Linux, Red Hat Openshift Core OS (RHOCS) and Red Hat In-Vehicle OS (RHIVOS) are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n~~~",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19513",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "pcs-0:0.12.0-3.el10_0.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:21036",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "pcs-0:0.12.1-1.el10_1.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-11-18T00:00:00Z",
    "advisory" : "RHSA-2025:21696",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "pcs-0:0.9.169-3.el7_9.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-11-04T00:00:00Z",
    "advisory" : "RHSA-2025:19719",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::highavailability",
    "package" : "pcs-0:0.10.18-2.el8_10.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-11-10T00:00:00Z",
    "advisory" : "RHSA-2025:19948",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4::highavailability",
    "package" : "pcs-0:0.10.8-1.el8_4.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-11-10T00:00:00Z",
    "advisory" : "RHSA-2025:19948",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability",
    "package" : "pcs-0:0.10.8-1.el8_4.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-11-04T00:00:00Z",
    "advisory" : "RHSA-2025:19734",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6::highavailability",
    "package" : "pcs-0:0.10.12-6.el8_6.10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-11-04T00:00:00Z",
    "advisory" : "RHSA-2025:19734",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
    "package" : "pcs-0:0.10.12-6.el8_6.10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-11-04T00:00:00Z",
    "advisory" : "RHSA-2025:19647",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8::highavailability",
    "package" : "pcs-0:0.10.15-4.el8_8.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-11-04T00:00:00Z",
    "advisory" : "RHSA-2025:19647",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8::highavailability",
    "package" : "pcs-0:0.10.15-4.el8_8.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19512",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9::highavailability",
    "package" : "pcs-0:0.11.9-2.el9_6.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20962",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9::highavailability",
    "package" : "pcs-0:0.11.10-1.el9_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-11-05T00:00:00Z",
    "advisory" : "RHSA-2025:19800",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::highavailability",
    "package" : "pcs-0:0.11.1-10.el9_0.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-11-04T00:00:00Z",
    "advisory" : "RHSA-2025:19733",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::highavailability",
    "package" : "pcs-0:0.11.4-7.el9_2.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-11-04T00:00:00Z",
    "advisory" : "RHSA-2025:19736",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4::highavailability",
    "package" : "pcs-0:0.11.7-2.el9_4.5"
  }, {
    "product_name" : "Red Hat Satellite 6.15 for RHEL 8",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19856",
    "cpe" : "cpe:/a:redhat:satellite:6.15::el8",
    "package" : "rubygem-rack-0:2.2.20-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.15 for RHEL 8",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19856",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.15::el8",
    "package" : "rubygem-rack-0:2.2.20-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19855",
    "cpe" : "cpe:/a:redhat:satellite:6.16::el8",
    "package" : "rubygem-rack-0:2.2.20-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19855",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el8",
    "package" : "rubygem-rack-0:2.2.20-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19855",
    "cpe" : "cpe:/a:redhat:satellite:6.16::el9",
    "package" : "rubygem-rack-0:2.2.20-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19855",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el9",
    "package" : "rubygem-rack-0:2.2.20-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2025-11-05T00:00:00Z",
    "advisory" : "RHSA-2025:19832",
    "cpe" : "cpe:/a:redhat:satellite:6.17::el9",
    "package" : "rubygem-rack-0:2.2.20-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2025-11-05T00:00:00Z",
    "advisory" : "RHSA-2025:19832",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.17::el9",
    "package" : "rubygem-rack-0:2.2.20-1.el9sat"
  } ],
  "package_state" : [ {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/cluster-logging-operator-bundle",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/cluster-logging-rhel9-operator",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/eventrouter-rhel9",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/fluentd-rhel8",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/fluentd-rhel9",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/log-file-metric-exporter-rhel9",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/logging-view-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/vector-rhel9",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/grafana-rhel8",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/istio-cni-rhel8",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/istio-must-gather-rhel9",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/istio-operator-bundle",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/istio-rhel8-operator",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/pilot-rhel8",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/proxyv2-rhel9",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/ratelimit-rhel8",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp21/zync",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp22/zync",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp24/zync",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp25/zync",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp26/zync",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp2/zync-rhel7",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp2/zync-rhel8",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Affected",
    "package_name" : "3scale-amp2/zync-rhel9",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "ruby:2.5/ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "ruby:3.3/ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "ruby:3.3/ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp13/openstack-cinder-backup",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp13/openstack-cinder-volume",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp13/openstack-haproxy",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp13/openstack-manila-share",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp13/openstack-mariadb",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp13/openstack-ovn-northd",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp13/openstack-rabbitmq",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp13/openstack-redis",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Affected",
    "package_name" : "satellite:el8/rubygem-rack",
    "cpe" : "cpe:/a:redhat:satellite:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-61919\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61919\nhttps://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\nhttps://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db\nhttps://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f\nhttps://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm" ],
  "name" : "CVE-2025-61919",
  "mitigation" : {
    "value" : "No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability beyond these configuration-based workarounds.",
    "lang" : "en:us"
  },
  "csaw" : false
}