Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, any of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce a strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
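The following is an added illustration, not code from Rack itself, of the two read strategies the advisory contrasts: an unbounded `read(nil)` that buffers the whole form body before anything is checked, beside a bounded reader that stops as soon as the cumulative size passes a byte limit. The helper names (`read_form_unbounded`, `read_form_bounded`, `FormBodyTooLarge`) and the sample bodies are assumptions constructed for this example; the chunked loop is one way to enforce a cap and is not a claim about how Rack implements `query_parser.bytesize_limit`.

```ruby
require 'stringio'
require 'uri'

# Raised when a form body exceeds the configured byte limit (hypothetical name).
class FormBodyTooLarge < StandardError; end

# The unbounded pattern the advisory describes: read(nil) slurps the entire
# body into one String before any parsing or size check can run, so peak
# memory equals the full Content-Length chosen by the client.
# Illustration only; this is not Rack's code.
def read_form_unbounded(input)
  body = input.read(nil) || ''
  URI.decode_www_form(body).to_h
end

# The bounded alternative: pull the body in fixed-size chunks and abort the
# moment the running total exceeds `bytesize_limit`. Peak memory is therefore
# capped at roughly limit + chunk_size regardless of what the client sends.
def read_form_bounded(input, bytesize_limit:, chunk_size: 16 * 1024)
  buffer = +''
  total = 0
  while (chunk = input.read(chunk_size)) # StringIO#read(n) returns nil at EOF
    total += chunk.bytesize
    if total > bytesize_limit
      raise FormBodyTooLarge, "form body exceeds #{bytesize_limit} bytes"
    end
    buffer << chunk
  end
  URI.decode_www_form(buffer).to_h
end

# Convenience wrapper returning true when the body was rejected, false when it
# parsed within the limit; useful for a quick check in a request log or test.
def form_body_rejected?(body, bytesize_limit:, chunk_size: 16)
  read_form_bounded(StringIO.new(body), bytesize_limit: bytesize_limit, chunk_size: chunk_size)
  false
rescue FormBodyTooLarge
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample bodies standing in for rack.input.
  normal   = 'user=alice&role=viewer'          # 22 bytes
  oversize = 'pad=' + ('x' * 200)              # 204 bytes

  puts read_form_bounded(StringIO.new(normal), bytesize_limit: 64).inspect
  puts "oversize rejected: #{form_body_rejected?(oversize, bytesize_limit: 64)}"
end
```

The bounded reader is the in-process defence; the proxy-layer limits the advisory names (`client_max_body_size`, `LimitRequestBody`) reject an oversized body before it reaches the Ruby process at all and should be set in addition to upgrading Rack.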
This issue has been addressed in the following products:

- Red Hat Enterprise Linux 10 via RHSA-2025:19513 (https://access.redhat.com/errata/RHSA-2025:19513)
- Red Hat Enterprise Linux 9 via RHSA-2025:19512 (https://access.redhat.com/errata/RHSA-2025:19512)
- Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.8 Telecommunications Update Service via RHSA-2025:19647 (https://access.redhat.com/errata/RHSA-2025:19647)
- Red Hat Enterprise Linux 8 via RHSA-2025:19719 (https://access.redhat.com/errata/RHSA-2025:19719)
- Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions via RHSA-2025:19733 (https://access.redhat.com/errata/RHSA-2025:19733)
- Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.6 Telecommunications Update Service via RHSA-2025:19734 (https://access.redhat.com/errata/RHSA-2025:19734)
- Red Hat Enterprise Linux 9.4 Extended Update Support via RHSA-2025:19736 (https://access.redhat.com/errata/RHSA-2025:19736)
- Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions via RHSA-2025:19800 (https://access.redhat.com/errata/RHSA-2025:19800)
- Red Hat Satellite 6.17 for RHEL 9 via RHSA-2025:19832 (https://access.redhat.com/errata/RHSA-2025:19832)
- Red Hat Satellite 6.16 for RHEL 8; Red Hat Satellite 6.16 for RHEL 9 via RHSA-2025:19855 (https://access.redhat.com/errata/RHSA-2025:19855)
- Red Hat Satellite 6.15 for RHEL 8 via RHSA-2025:19856 (https://access.redhat.com/errata/RHSA-2025:19856)
- Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On via RHSA-2025:19948 (https://access.redhat.com/errata/RHSA-2025:19948)
- Red Hat Enterprise Linux 9 via RHSA-2025:20962 (https://access.redhat.com/errata/RHSA-2025:20962)
- Red Hat Enterprise Linux 10 via RHSA-2025:21036 (https://access.redhat.com/errata/RHSA-2025:21036)
- Red Hat Enterprise Linux 7 Extended Lifecycle Support via RHSA-2025:21696 (https://access.redhat.com/errata/RHSA-2025:21696)