CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

Published: Feb 9, 2023
Updated: May 9, 2024
CVE: CVE-2022-44566
GHSA: GHSA-579w-22j4-4749
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
activerecord_project / activerecord	7.0.0	7.0.4.1
activerecord_project / activerecord	-	6.1.7.1
activerecord	6.0.0	6.1.7.1
activerecord	7.0.0	7.0.4.1

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html
https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf
https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b
https://github.com/rails/rails/releases/tag/v6.1.7.1
https://github.com/rails/rails/releases/tag/v7.0.4.1
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml
https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15
https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

Vulnerability Database

289,697

CVE-2022-44566