2232729 – (CVE-2023-40175) CVE-2023-40175 rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers

Bug 2232729 (CVE-2023-40175) - CVE-2023-40175 rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers

Summary: CVE-2023-40175 rubygem-puma: HTTP request smuggling when parsing chunked tran...

Keywords:
Status:	NEW
Alias:	CVE-2023-40175
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2235332 2232730 2232731 2232732 2232733 2235331
Blocks:	2232734
TreeView+	depends on / blocked

Reported:	2023-08-18 08:38 UTC by TEJ RATHI
Modified:	2024-02-13 14:42 UTC (History)
CC List:	20 users (show)
Fixed In Version:	puma 6.3.1, puma 5.6.7
Doc Type:	If docs needed, set a value
Doc Text:	An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:0797	0	None	None	None	2024-02-13 14:42:46 UTC

Description TEJ RATHI 2023-08-18 08:38:26 UTC

Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling.

Affects versions 6.3.0 and prior, 5.6.6 and prior.

https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a (commit)
https://github.com/puma/puma/commit/e7fa02c1757ce82007fadabc2a0c33b96990dddc (release_notes v6.3.1)
https://github.com/puma/puma/commit/99da3a9866fb17019136c654f43a7b4c2ea4139e (release_notes v5.6.7)

Comment 2 ybuenos 2023-08-28 13:40:31 UTC

Created rubygem-puma tracking bugs for this issue:

Affects: fedora-37 [bug 2235331]
Affects: fedora-38 [bug 2235332]

Comment 3 errata-xmlrpc 2024-02-13 14:42:45 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.14 for RHEL 8

Via RHSA-2024:0797 https://access.redhat.com/errata/RHSA-2024:0797

Note You need to log in before you can comment on or make changes to this bug.

amasferr
bbuckingham
bcourt
caswilli
chazlett
dhalasz
ehelms
jsherril
kaycoth
lzap
mhulan
mkudlej
nmoumoul
orabin
pcreech
rchan
sthirugn
tjochec
vkrizan
vmugicag