VYPR
High severityNVD Advisory· Published Feb 9, 2023· Updated Mar 25, 2025

CVE-2022-44566

CVE-2022-44566

Description

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
activerecordRubyGems
< 6.1.7.16.1.7.1
activerecordRubyGems
>= 7.0.0, < 7.0.4.17.0.4.1

Affected products

9

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.