CVE-2023-27539
Published: 22 March 2023
Possible Denial of Service Vulnerability in Rack’s header parsing
Priority
Status
Package | Release | Status |
---|---|---|
ruby-rack Launchpad, Ubuntu, Debian |
bionic |
Released
(1.6.4-4ubuntu0.2+esm5)
Available with Ubuntu Pro |
focal |
Released
(2.0.7-2ubuntu0.1+esm4)
Available with Ubuntu Pro |
|
jammy |
Released
(2.1.4-5ubuntu1+esm4)
Available with Ubuntu Pro |
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
|
mantic |
Released
(2.2.4-3ubuntu0.1)
|
|
noble |
Not vulnerable
(2.2.7-1)
|
|
trusty |
Released
(1.5.2-3+deb8u3ubuntu1~esm7)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(2.2.6.4-1)
|
|
xenial |
Released
(1.6.4-3ubuntu0.2+esm5)
Available with Ubuntu Pro |
|
Patches: upstream: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c upstream: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff |