CVE-2025-61919

Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

CVSS 7.5 HIGH · EPSS 0.6% · CWE-400
In short

Any application served through Rack can be knocked over by a single oversized form POST. Rack buffers the whole application/x-www-form-urlencoded body into process memory before it parses a single field, so an unauthenticated attacker who sends a very large form body can drive the worker out of memory and stop it from responding.

Technical detail

Rack::Request#POST in versions prior to 2.2.20, 3.1.18, and 3.2.3 buffers application/x-www-form-urlencoded request bodies without bound: it calls rack.input.read(nil), which slurps the entire body into one String before parsing, and no size limit is enforced on that read. An unauthenticated remote attacker can send a large POST request with Content-Type: application/x-www-form-urlencoded and exhaust the memory of the serving process, causing denial of service. The fix is to upgrade to a patched version, which applies a byte-size limit to form parsing; a strict maximum body size at the proxy or web server layer is worthwhile defence in depth, but it only protects traffic that actually passes through that proxy, so it does not replace the upgrade.
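As an added example (not Rack's own code and not part of the advisory), the following plain-Ruby, standard-library-only middleware shows the defensive pattern the upstream fix relies on: never read a form body with read(nil); reject a declared Content-Length over the cap up front, and otherwise read in bounded chunks so an undeclared or chunked body cannot grow past the cap either. The class BoundedFormBody, its constants, the FORM_APP stand-in and the simulate_post helper are assumptions for illustration, and the 1 KiB limit used in the demo is deliberately tiny so the over-limit cases are easy to trigger.

```ruby
require "stringio"
require "uri"

# Added illustration, not Rack's API. A Rack-compatible middleware that
# refuses to buffer an application/x-www-form-urlencoded body beyond a cap.
# The vulnerable pattern it replaces is `env["rack.input"].read(nil)`, which
# returns the whole body as one String regardless of size.
class BoundedFormBody
  DEFAULT_LIMIT = 1024 * 1024 # 1 MiB; an arbitrary default for the example
  FORM_TYPE = "application/x-www-form-urlencoded"
  CHUNK = 16 * 1024           # read size per iteration; bounds peak memory growth

  def initialize(app, limit: DEFAULT_LIMIT)
    @app = app
    @limit = limit
  end

  def call(env)
    return @app.call(env) unless form_request?(env)

    # Fast path: a declared Content-Length already over the cap is rejected
    # before any byte of the body is read.
    declared = env["CONTENT_LENGTH"].to_s
    return too_large if !declared.empty? && declared.to_i > @limit

    # Slow path: read in fixed-size chunks and stop as soon as the cap is
    # crossed. This covers bodies with no Content-Length (chunked transfer)
    # and bodies whose declared length lies.
    body = +""
    input = env["rack.input"]
    while (chunk = input.read(CHUNK))
      body << chunk
      return too_large if body.bytesize > @limit
    end

    # Hand the downstream app a rewound, already-bounded body.
    env["rack.input"] = StringIO.new(body)
    env["CONTENT_LENGTH"] = body.bytesize.to_s
    @app.call(env)
  end

  private

  # Match the media type only; ignore parameters such as "; charset=UTF-8".
  def form_request?(env)
    ct = env["CONTENT_TYPE"].to_s.split(";").first.to_s.strip.downcase
    ct == FORM_TYPE
  end

  def too_large
    [413, { "content-type" => "text/plain" }, ["Payload Too Large\n"]]
  end
end

# A minimal downstream app standing in for a real Rack application. It parses
# the (now bounded) form body with the standard library and reports the field
# count; non-form requests are passed through untouched.
FORM_APP = lambda do |env|
  unless env["CONTENT_TYPE"].to_s.start_with?(BoundedFormBody::FORM_TYPE)
    return [200, { "content-type" => "text/plain" }, ["passthrough\n"]]
  end
  params = URI.decode_www_form(env["rack.input"].read).to_h
  [200, { "content-type" => "text/plain" }, ["#{params.size} fields\n"]]
end

# Build a constructed Rack env for a POST and run it through the middleware.
# Returns [status, response body] so the behaviour can be checked offline.
def simulate_post(body, content_type: BoundedFormBody::FORM_TYPE,
                  declare_length: true, limit: 1024)
  env = {
    "REQUEST_METHOD" => "POST",
    "CONTENT_TYPE" => content_type,
    "rack.input" => StringIO.new(body),
  }
  env["CONTENT_LENGTH"] = body.bytesize.to_s if declare_length
  status, _headers, chunks = BoundedFormBody.new(FORM_APP, limit: limit).call(env)
  [status, chunks.join]
end

if $PROGRAM_NAME == __FILE__
  p simulate_post("user=alice&role=admin")                          # small form, parsed
  p simulate_post("k=" + "A" * 4096)                                 # declared length over cap
  p simulate_post("k=" + "A" * 4096, declare_length: false)          # undeclared, caught by bounded read
  p simulate_post("A" * 4096, content_type: "application/octet-stream") # not a form, passed through
end
```

The middleware only guards form bodies; multipart and JSON bodies are the job of whichever parser handles them, and the proxy-level limit named in the advisory (Nginx client_max_body_size, Apache LimitRequestBody) still belongs in front of the application as a second, independent cap.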

The summaries above were generated and translated by AI from the official description, which follows.

Official description

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, any of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
rack · rack
