Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-44566

Published: Feb 09, 2023 | Modified: Jun 23, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-44566
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

A denial of service vulnerability present in ActiveRecords PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

Affected Software

Name Vendor Start Version End Version
Activerecord Activerecord_project * 6.1.7.1 (excluding)
Activerecord Activerecord_project 7.0.0 (including) 7.0.4.1 (excluding)
Red Hat Satellite 6.14 for RHEL 8 RedHat rubygem-activerecord-0:6.1.7.3-1.el8sat *
Rails Ubuntu bionic *
Rails Ubuntu kinetic *
Rails Ubuntu lunar *
Rails Ubuntu mantic *
Rails Ubuntu trusty *
Rails Ubuntu xenial *
Rails-4.0 Ubuntu trusty *
Ruby-actionpack-3.2 Ubuntu trusty *
Ruby-activemodel-3.2 Ubuntu trusty *
Ruby-activerecord-3.2 Ubuntu trusty *
Ruby-activesupport-3.2 Ubuntu trusty *
Ruby-rails-3.2 Ubuntu trusty *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use