CVE-2026-34831

Published: Apr 02, 2026 Last Modified: Apr 02, 2026
Severity: MEDIUM 4.8 (CVSS v3 base score)
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none

Description


Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the requested path in 404 responses, an attacker can trigger this mismatch by requesting a non-existent path containing percent-encoded UTF-8 characters. This results in incorrect HTTP response framing and may cause response desynchronization in deployments that rely on the incorrect Content-Length value. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
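The mismatch the advisory describes comes down to one method call. The following is an added example, not Rack's own code: it models a 404 builder that reflects the requested path (as Rack::Files does), once computing Content-Length with String#size as in the affected versions and once with String#bytesize as in the fix, and it adds a framing check that reports how many bytes a strict HTTP/1.1 client would leave unread on a keep-alive connection. The module, method and template names are hypothetical stand-ins for the real Rack code path; the request target /caf%C3%A9 is a constructed input.

```ruby
# Added example, not Rack's own code: a minimal model of the Rack::Files#fail
# Content-Length bug and of its fix. The module and method names here are
# hypothetical stand-ins for the real Rack code path.
module NotFoundFraming
  # Hypothetical body template; Rack::Files reflects the requested path in its 404 body.
  BODY_TEMPLATE = "File not found: %s\n".freeze

  # Percent-decode a raw request target into PATH_INFO as an app would see it:
  # work on the raw bytes, then tag the result as UTF-8 so multibyte sequences
  # (e.g. %C3%A9 -> "é") become single characters with a multi-byte encoding.
  def self.decode_path(raw_target)
    raw_target.b.gsub(/%([0-9A-Fa-f]{2})/) { [$1].pack('H2') }
              .force_encoding(Encoding::UTF_8)
  end

  # Vulnerable variant: Content-Length taken from String#size, i.e. the character
  # count, which under-reports the body whenever it contains multibyte characters.
  def self.vulnerable_404(path_info)
    body = format(BODY_TEMPLATE, path_info)
    [404, { 'content-type' => 'text/plain', 'content-length' => body.size.to_s }, [body]]
  end

  # Fixed variant: Content-Length taken from String#bytesize, the octets on the wire.
  def self.fixed_404(path_info)
    body = format(BODY_TEMPLATE, path_info)
    [404, { 'content-type' => 'text/plain', 'content-length' => body.bytesize.to_s }, [body]]
  end

  # Framing check for any Rack triplet: [declared Content-Length, bytes actually emitted].
  def self.framing(response)
    _status, headers, body = response
    actual = 0
    body.each { |chunk| actual += chunk.bytesize }
    [headers['content-length'].to_i, actual]
  end

  # The bytes a strict HTTP/1.1 client would leave unread on a keep-alive connection
  # after consuming exactly Content-Length octets. Anything here is parsed by the
  # client as the start of the *next* response, which is the desynchronization the
  # advisory warns about. An empty string means the response is framed correctly.
  def self.leftover_bytes(response)
    declared, _actual = framing(response)
    wire = response[2].map(&:b).join
    wire.byteslice(declared..-1) || ''.b
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request target: a non-existent path with percent-encoded UTF-8.
  path = NotFoundFraming.decode_path('/caf%C3%A9')
  puts "PATH_INFO=#{path.inspect} chars=#{path.size} bytes=#{path.bytesize}"
  [%w[vulnerable vulnerable_404], %w[fixed fixed_404]].each do |label, meth|
    resp = NotFoundFraming.public_send(meth, path)
    declared, actual = NotFoundFraming.framing(resp)
    leftover = NotFoundFraming.leftover_bytes(resp)
    puts "#{label}: Content-Length=#{declared} sent=#{actual} leftover=#{leftover.inspect}"
  end
end
```

The same check works against a live deployment: request a non-existent path containing percent-encoded UTF-8 (such as /caf%C3%A9) with a client that shows raw headers, and compare the Content-Length value with the number of body bytes actually received. A declared length smaller than the byte count on an affected version listed above is the condition this advisory covers; whether it turns into a desynchronization depends on whether the server or proxy in front of the app trusts the app-supplied Content-Length rather than recomputing it.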

Weaknesses

CWE-130: Improper Handling of Length Parameter Inconsistency (status: Incomplete)
Security scopes affected: Confidentiality, Integrity
Potential impacts: Read Memory; Modify Memory; Varies By Context
Applicable platforms (languages): C, C++, Not Language-Specific
CWE-135: Incorrect Calculation of Multi-Byte String Length (status: Draft)
Security scopes affected: Integrity, Confidentiality, Availability
Potential impacts: Execute Unauthorized Code Or Commands; Read Memory; DoS: Crash, Exit, Or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
Applicable platforms (languages): C, C++
References

https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388