Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-3225

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

Related bugs and status

CVE-2015-3225 (Candidate) is related to these bugs:

Bug #1990575: [MIR] Promote ruby-rack to main as a pcs indirect dependency

Summary				In	Importance	Status
	1990575	[MIR] Promote ruby-rack to main as a pcs indirect dependency		ruby-rack (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015061...
MLIST: [rubyonrails-security]...
CONFIRM: https://github.com/rac...
DEBIAN: DSA-3322
SUSE: openSUSE-SU-2015:1259
SUSE: openSUSE-SU-2015:1262
SUSE: openSUSE-SU-2015:1263
BID: 75232
REDHAT: RHSA-2015:2290
FEDORA: FEDORA-2015-12979
FEDORA: FEDORA-2015-12978