CVE-2022-44566
09.02.2023, 20:15
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.Enginsight
| Vendor | Product | Version |
|---|---|---|
| activerecord_project | activerecord | 𝑥 < 6.1.7.1 |
| activerecord_project | activerecord | 7.0.0 ≤ 𝑥 < 7.0.4.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| rails |
| ||||||||||||||||||
| rails-4.0 |
| ||||||||||||||||||
| ruby-actionpack-3.2 |
| ||||||||||||||||||
| ruby-activemodel-3.2 |
| ||||||||||||||||||
| ruby-activerecord-3.2 |
| ||||||||||||||||||
| ruby-activesupport-3.2 |
| ||||||||||||||||||
| ruby-rails-3.2 |
|
References