Published: 09/02/2023 Updated: 23/06/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
activerecord project activerecord

Debian Bug report logs - #1030050 rails: CVE-2023-22796 CVE-2023-22795 CVE-2023-22794 CVE-2023-22792 CVE-2022-44566 Package: src:rails; Maintainer for src:rails is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 30 Jan 2023 18:00:01 UT ...

Description This CVE is under investigation by Red Hat Product Security ...

NVD-CWE-Other https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-44566

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-44566

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect