Cloud Vulnerability DB
A community-led vulnerabilities database
A denial of service vulnerability was discovered in ActiveRecord's PostgreSQL adapter in versions before 7.0.4.1 and before 6.1.7.1, identified as CVE-2022-44566. When a value outside the range of a 64-bit signed integer is provided to the PostgreSQL connection adapter, the adapter treats the target column type as numeric, which can lead to performance issues (Rails Discussion, Jeremy Evans Blog).
The vulnerability occurs when integer values are compared against numeric values in PostgreSQL queries. When an integer value outside the bigint range is used, PostgreSQL implicitly casts it to the numeric type. This cast prevents the use of an index on the column and forces a sequential scan, which can be significantly slower, up to 1000 times worse performance compared to an indexed query (Jeremy Evans Blog).
The vulnerability can result in a denial of service condition because of the forced sequential scans on database queries. For large tables, this can cause significant performance degradation, making database operations extremely slow and resource-intensive (Jeremy Evans Blog).
Several mitigation strategies are available: using bound variables, validating integer values before queries to ensure they are within the bigint range, explicitly casting to the appropriate type, or upgrading to the fixed versions (Rails 7.0.4.1 and 6.1.7.1). For users unable to upgrade immediately, patches are available for the supported release series (Rails Discussion, Jeremy Evans Blog).
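The following Ruby example is added here to illustrate the typing rule behind the issue and the "validate before querying" mitigation described above; it is not code from Rails, Sequel, the advisory, or the linked blog post. It models how PostgreSQL types a bare integer literal (integer, bigint, or numeric once it no longer fits in 64 bits), then shows a guard that rejects out-of-range ids before any SQL is built. The constants, the `OutOfRangeId` error class, `coerce_bigint`, and the `build_lookup` query builder are all constructed for this example.

```ruby
# Added example, not code from Rails, Sequel, or the advisory. It models the
# typing rule the advisory relies on (an integer literal that does not fit in
# 64 bits becomes numeric in PostgreSQL) and a guard that rejects such values
# before they reach the database. All names below are constructed.

INT4_RANGE   = (-(2**31))..(2**31 - 1)
BIGINT_RANGE = (-(2**63))..(2**63 - 1)

# Type PostgreSQL assigns to a bare integer literal in SQL text: integer,
# bigint, or numeric once the value no longer fits in 64 bits. Comparing a
# bigint column with a numeric literal defeats the column's btree index.
def pg_literal_type(value)
  raise ArgumentError, "#{value.inspect} is not an Integer" unless value.is_a?(Integer)
  return :integer if INT4_RANGE.cover?(value)
  return :bigint  if BIGINT_RANGE.cover?(value)
  :numeric
end

# True when an equality comparison against a bigint column can use the index.
def index_friendly?(value)
  pg_literal_type(value) != :numeric
end

# Constructed error type for ids that parse as integers but cannot fit a bigint.
class OutOfRangeId < ArgumentError; end

# Parse an untrusted id (for example a request parameter) into an Integer that
# is guaranteed to fit a bigint column. Returns nil for non-integer input so the
# caller can answer "not found" without querying; raises for out-of-range ids.
def coerce_bigint(param)
  value = begin
    Integer(param.to_s, 10)
  rescue ArgumentError
    return nil
  end
  unless BIGINT_RANGE.cover?(value)
    raise OutOfRangeId, "#{value} is outside the 64-bit signed integer range"
  end
  value
end

# Hypothetical query builder: validates first, then emits a parameterised
# statement with an explicit cast so the server never sees an untyped literal.
# Returns nil when the id is not an integer at all.
def build_lookup(table, column, param)
  value = coerce_bigint(param)
  return nil if value.nil?
  ["SELECT * FROM #{table} WHERE #{column} = $1::bigint", [value]]
end

# Constructed sample inputs standing in for request parameters.
SAMPLE_PARAMS = {
  "42"                  => "normal id",
  "9223372036854775807" => "bigint max, still indexed",
  "9223372036854775808" => "one past bigint max, would become numeric",
  "abc"                 => "not an integer",
}

if __FILE__ == $0
  SAMPLE_PARAMS.each do |raw, note|
    begin
      sql, binds = build_lookup("users", "id", raw)
      puts "#{raw.ljust(20)} #{note}: #{sql || 'no query'} #{binds.inspect}"
    rescue OutOfRangeId => e
      puts "#{raw.ljust(20)} #{note}: rejected (#{e.message})"
    end
  end
end
```

The range check runs before any SQL text exists, so an out-of-range id is turned into an application-level error (or a "not found" response) instead of a query that the planner can only satisfy with a sequential scan; the bound parameter and explicit cast cover the other two mitigations the advisory lists.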
Source: This report was generated using AI