Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Description
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level, monitoring memory, and setting per-process limits to prevent OOM conditions.
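The two mitigation styles the description names (a fixed preamble limit, or not retaining the preamble at all) can be shown side by side with the buffering pattern that causes the problem. The following is an added example written for this page; it is not Rack's own parser code. The module name `PreambleGuard`, the methods `skip_preamble`, `unbounded_buffer_size` and `sample_body`, the 4 KiB chunk size and the sample body are all assumptions made here; the 16 KiB limit is the example figure the advisory cites.

```ruby
require 'stringio'

# Added example, not code from Rack itself: a streaming multipart preamble
# scanner that bounds the bytes a client may place before the first boundary.
# The pattern the advisory describes keeps appending to one buffer until the
# delimiter appears, so memory grows with the preamble. The bounded version
# reads fixed-size chunks, retains only a short carry-over (so a delimiter
# split across two chunks is still found), counts what it discards, and
# rejects the request once that count passes +max_preamble+.
module PreambleGuard
  class PreambleTooLarge < StandardError; end
  class MissingBoundary < StandardError; end

  DEFAULT_LIMIT = 16 * 1024 # 16 KiB, the example limit the advisory cites
  CHUNK = 4096              # assumed read size for this example

  # Vulnerable pattern (for comparison only): accumulate until the delimiter
  # shows up. Returns the size the buffer reached, which is the whole preamble
  # plus whatever chunk contained the delimiter.
  def self.unbounded_buffer_size(io, boundary, chunk: CHUNK)
    delimiter = "--#{boundary}".b
    buf = "".b
    until buf.index(delimiter)
      data = io.read(chunk)
      raise MissingBoundary, "no multipart boundary before EOF" if data.nil?
      buf << data.b
    end
    buf.bytesize
  end

  # Hardened pattern: skip the preamble without retaining it. Returns the number
  # of preamble bytes discarded and leaves +io+ positioned at the delimiter.
  def self.skip_preamble(io, boundary, max_preamble: DEFAULT_LIMIT, chunk: CHUNK)
    delimiter = "--#{boundary}".b
    carry = "".b   # never longer than delimiter.bytesize - 1
    skipped = 0
    loop do
      data = io.read(chunk)
      raise MissingBoundary, "no multipart boundary before EOF" if data.nil?
      window = carry + data.b
      if (idx = window.index(delimiter))
        skipped += idx
        check_limit!(skipped, max_preamble)
        # Rewind so the caller's next read starts at the delimiter itself.
        io.seek(-(window.bytesize - idx), IO::SEEK_CUR)
        return skipped
      end
      # Keep only enough tail to detect a delimiter straddling two chunks;
      # everything before it is preamble and is dropped, not stored.
      keep = [delimiter.bytesize - 1, window.bytesize].min
      skipped += window.bytesize - keep
      check_limit!(skipped, max_preamble)
      carry = window.byteslice(window.bytesize - keep, keep)
    end
  end

  def self.check_limit!(skipped, max_preamble)
    return if skipped <= max_preamble
    raise PreambleTooLarge, "preamble exceeds #{max_preamble} bytes (saw at least #{skipped})"
  end
  private_class_method :check_limit!
end

# Constructed sample body (not a captured request): +preamble_len+ filler
# bytes, then one ordinary text field delimited by boundary "abc".
def sample_body(preamble_len, boundary: "abc")
  StringIO.new(("x" * preamble_len) + "--#{boundary}\r\n" \
    "Content-Disposition: form-data; name=\"f\"\r\n\r\nhello\r\n--#{boundary}--\r\n")
end

if $PROGRAM_NAME == __FILE__
  # Small preamble: both scanners find the delimiter; only the bounded one
  # keeps memory flat as the preamble grows.
  puts PreambleGuard.skip_preamble(sample_body(100), "abc")
  puts PreambleGuard.unbounded_buffer_size(sample_body(100), "abc")
  begin
    PreambleGuard.skip_preamble(sample_body(20 * 1024), "abc")
  rescue PreambleGuard::PreambleTooLarge => e
    puts "rejected: #{e.message}"
  end
end
```

The point of the carry-over is that rejecting early is only safe if the scanner never has to hold the preamble to find the delimiter; keeping `delimiter.bytesize - 1` trailing bytes is enough to catch a boundary split across reads, so resident memory stays at one chunk plus a few bytes regardless of how long the preamble is. A proxy-level body size cap, as the description suggests, bounds the worst case independently of the parser.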
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rack (RubyGems) | < 2.2.19 | 2.2.19 |
| rack (RubyGems) | >= 3.1, < 3.1.17 | 3.1.17 |
| rack (RubyGems) | >= 3.2, < 3.2.2 | 3.2.2 |
Affected products
144 OSV package version ranges (no CPE entries):
- pkg:apk/chainguard/gitaly-config-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitaly-config-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitaly-config-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-base-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-base-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-base-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-certificates-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-certificates-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-certificates-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-cfssl-self-sign-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-cfssl-self-sign-scripts-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-cfssl-self-sign-scripts-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-cng-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-cng-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-cng-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-container-registry-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-container-registry-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-container-registry-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-container-registry-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-container-registry-scripts-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-container-registry-scripts-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-exporter-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-exporter-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-exporter-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-exporter-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-exporter-scripts-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-exporter-scripts-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-gitaly-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-gitaly-scripts-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-gitaly-scripts-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-logger-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-logger-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-logger-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-logger-compat-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-logger-compat-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-pages-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-pages-scripts-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-pages-scripts-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-rails-ce-18.1 (range: < 18.1.6-r13)
- pkg:apk/chainguard/gitlab-rails-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-rails-scripts-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-rails-scripts-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-shell-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-shell-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-shell-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-shell-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-shell-scripts-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-shell-scripts-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-shell-scripts-compat-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-shell-scripts-compat-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-sidekiq-ce-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-sidekiq-ce-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-sidekiq-ce-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-toolbox-ce-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-toolbox-ce-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-toolbox-ce-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-webservice-ce-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-webservice-ce-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-webservice-ce-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/gitlab-workhorse-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/chainguard/gitlab-workhorse-scripts-18.3 (range: < 18.3.4-r0)
- pkg:apk/chainguard/gitlab-workhorse-scripts-18.4 (range: < 18.4.2-r0)
- pkg:apk/chainguard/logstash-8.17 (range: < 8.17.10-r3)
- pkg:apk/chainguard/logstash-8.17-bitnami-compat (range: < 8.17.10-r3)
- pkg:apk/chainguard/logstash-8.17-compat (range: < 8.17.10-r3)
- pkg:apk/chainguard/logstash-8.17-env2yaml (range: < 8.17.10-r3)
- pkg:apk/chainguard/logstash-8.17-iamguarded-compat (range: < 8.17.10-r3)
- pkg:apk/chainguard/logstash-8.17-with-output-opensearch (range: < 8.17.10-r3)
- pkg:apk/chainguard/logstash-8.18 (range: < 8.18.8-r1)
- pkg:apk/chainguard/logstash-8.18-bitnami-compat (range: < 8.18.8-r1)
- pkg:apk/chainguard/logstash-8.18-compat (range: < 8.18.8-r1)
- pkg:apk/chainguard/logstash-8.18-env2yaml (range: < 8.18.8-r1)
- pkg:apk/chainguard/logstash-8.18-iamguarded-compat (range: < 8.18.8-r1)
- pkg:apk/chainguard/logstash-8.18-with-output-opensearch (range: < 8.18.8-r1)
- pkg:apk/chainguard/logstash-8.19 (range: < 8.19.5-r1)
- pkg:apk/chainguard/logstash-8.19-compat (range: < 8.19.5-r1)
- pkg:apk/chainguard/logstash-8.19-env2yaml (range: < 8.19.5-r1)
- pkg:apk/chainguard/logstash-8.19-iamguarded-compat (range: < 8.19.5-r1)
- pkg:apk/chainguard/logstash-8.19-with-output-opensearch (range: < 8.19.5-r1)
- pkg:apk/chainguard/logstash-9.0 (range: < 9.0.8-r1)
- pkg:apk/chainguard/logstash-9.0-bitnami-compat (range: < 9.0.8-r1)
- pkg:apk/chainguard/logstash-9.0-compat (range: < 9.0.8-r1)
- pkg:apk/chainguard/logstash-9.0-env2yaml (range: < 9.0.8-r1)
- pkg:apk/chainguard/logstash-9.0-iamguarded-compat (range: < 9.0.8-r1)
- pkg:apk/chainguard/logstash-9.0-with-output-opensearch (range: < 9.0.8-r1)
- pkg:apk/chainguard/logstash-9.1 (range: < 9.1.5-r1)
- pkg:apk/chainguard/logstash-9.1-bitnami-compat (range: < 9.1.5-r1)
- pkg:apk/chainguard/logstash-9.1-compat (range: < 9.1.5-r1)
- pkg:apk/chainguard/logstash-9.1-env2yaml (range: < 9.1.5-r1)
- pkg:apk/chainguard/logstash-9.1-iamguarded-compat (range: < 9.1.5-r1)
- pkg:apk/chainguard/logstash-9.1-with-output-opensearch (range: < 9.1.5-r1)
- pkg:apk/chainguard/ruby3.2-rack-2.2 (range: < 2.2.22-r0)
- pkg:apk/chainguard/ruby3.2-rails-7.2 (range: < 7.2.2.2-r1)
- pkg:apk/chainguard/ruby3.2-rails-7.2-compat (range: < 7.2.2.2-r1)
- pkg:apk/chainguard/ruby3.2-rails-8.0 (range: < 8.0.3-r1)
- pkg:apk/chainguard/ruby3.2-rails-8.0-compat (range: < 8.0.3-r1)
- pkg:apk/chainguard/ruby3.3-rack-2.2 (range: < 2.2.22-r0)
- pkg:apk/chainguard/ruby3.3-rails-7.2 (range: < 7.2.2.2-r1)
- pkg:apk/chainguard/ruby3.3-rails-7.2-compat (range: < 7.2.2.2-r1)
- pkg:apk/chainguard/ruby3.3-rails-8.0 (range: < 8.0.3-r1)
- pkg:apk/chainguard/ruby3.3-rails-8.0-compat (range: < 8.0.3-r1)
- pkg:apk/chainguard/ruby3.4-rack-2.2 (range: < 2.2.22-r0)
- pkg:apk/chainguard/ruby3.4-rails-7.2 (range: < 7.2.2.2-r1)
- pkg:apk/chainguard/ruby3.4-rails-7.2-compat (range: < 7.2.2.2-r1)
- pkg:apk/chainguard/ruby3.4-rails-8.0 (range: < 8.0.3-r1)
- pkg:apk/chainguard/ruby3.4-rails-8.0-compat (range: < 8.0.3-r1)
- pkg:apk/chainguard/ruby4.0-rack-2.2 (range: < 2.2.22-r0)
- pkg:apk/wolfi/gitaly-config-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-base-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-certificates-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-cfssl-self-sign-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-cng-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-container-registry-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-container-registry-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-exporter-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-exporter-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-gitaly-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-logger-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-logger-compat-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-pages-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-shell-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-shell-scripts-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/gitlab-shell-scripts-compat-18.2 (range: < 18.2.8-r0)
- pkg:apk/wolfi/logstash-9.1 (range: < 9.1.5-r1)
- pkg:apk/wolfi/logstash-9.1-bitnami-compat (range: < 9.1.5-r1)
- pkg:apk/wolfi/logstash-9.1-compat (range: < 9.1.5-r1)
- pkg:apk/wolfi/logstash-9.1-env2yaml (range: < 9.1.5-r1)
- pkg:apk/wolfi/logstash-9.1-iamguarded-compat (range: < 9.1.5-r1)
- pkg:apk/wolfi/logstash-9.1-with-output-opensearch (range: < 9.1.5-r1)
- pkg:apk/wolfi/ruby3.2-rack-2.2 (range: < 2.2.22-r0)
- pkg:apk/wolfi/ruby3.2-rails-8.0 (range: < 8.0.3-r1)
- pkg:apk/wolfi/ruby3.2-rails-8.0-compat (range: < 8.0.3-r1)
- pkg:apk/wolfi/ruby3.3-rack-2.2 (range: < 2.2.22-r0)
- pkg:apk/wolfi/ruby3.3-rails-8.0 (range: < 8.0.3-r1)
- pkg:apk/wolfi/ruby3.3-rails-8.0-compat (range: < 8.0.3-r1)
- pkg:apk/wolfi/ruby3.4-rack-2.2 (range: < 2.2.22-r0)
- pkg:apk/wolfi/ruby3.4-rails-8.0 (range: < 8.0.3-r1)
- pkg:apk/wolfi/ruby3.4-rails-8.0-compat (range: < 8.0.3-r1)
- pkg:apk/wolfi/ruby4.0-rack-2.2 (range: < 2.2.22-r0)
- pkg:gem/rack (range: < 2.2.19)
- pkg:rpm/almalinux/cockpit-ha-cluster (range: < 0.12.1-1.el10_1.1)
- pkg:rpm/almalinux/pcs (range: < 0.10.18-2.el8_10.7.alma.1)
- pkg:rpm/almalinux/pcs-snmp (range: < 0.10.18-2.el8_10.7.alma.1)
- pkg:rpm/opensuse/rubygem-rack-2.2&distro=openSUSE%20Tumbleweed (range: < 2.2.19-1.1)
References
- github.com/advisories/GHSA-p543-xpfm-54cp (GHSA; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-61770 (GHSA; ADVISORY)
- github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e (GHSA; x_refsource_MISC; WEB)
- github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e (GHSA; x_refsource_MISC; WEB)
- github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd (GHSA; x_refsource_MISC; WEB)
- github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp (GHSA; x_refsource_CONFIRM; WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml (GHSA; WEB)