GHSA-cmcx-xhr8-3w9p

Published: 20 Feb 2020
Source: github
Github: Reviewed
CVSS3: 5.7

Description

Denial of Service in uap-core when processing crafted User-Agent strings

Impact

Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings.

Patches

Please update uap-core to >= v0.7.3

Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.

Details

Each vulnerable regular expression reported here contains 3 overlapping capture groups. Backtracking has approximately cubic time complexity with respect to the length of the user-agent string.

Regex 1:

\bSmartWatch *\( *([^;]+) *; *([^;]+) *;

is vulnerable in portion *([^;]+) * and can be attacked with

"SmartWatch(" + (" " * 3500) + "z"

e.g.

SmartWatch( z

Regex 2:

; *([^;/]+) Build[/ ]Huawei(MT1-U06|[A-Z]+\d+[^\);]+)[^\);]*\)

is vulnerable in portion \d+[^\);]+[^\);]* and can be attacked with

";A Build HuaweiA" + ("4" * 3500) + "z"

Regex 3:

(HbbTV)/[0-9]+\.[0-9]+\.[0-9]+ \([^;]*; *(LG)E *; *([^;]*) *;[^;]*;[^;]*;\)

is vulnerable in portion *([^;]*) * and can be attacked with

"HbbTV/0.0.0 (;LGE;" + (" " * 3500) + "z"

Regex 4:

(HbbTV)/[0-9]+\.[0-9]+\.[0-9]+ \([^;]*; *(?:CUS:([^;]*)|([^;]+)) *; *([^;]*) *;.*;

is vulnerable in portions *(?:CUS:([^;]*)|([^;]+)) * and *([^;]*) * and can be attacked with

"HbbTV/0.0.0 (;CUS:;" + (" " * 3500) + "z"

"HbbTV/0.0.0 (;" + (" " * 3500) + "z"

"HbbTV/0.0.0 (;z;" + (" " * 3500) + "z"

Reported by Ben Caller @bcaller
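
Added example (not part of the advisory or of uap-core): a regression probe that runs Regex 1, as quoted above, on short inputs of the advisory's shape and estimates how match time grows with length, plus a length cap applied before matching. `MAX_UA_LEN`, the helper names and the sample strings are assumptions made for this example.

```python
import math
import re
import time

# Regex 1 exactly as quoted in the advisory (affected uap-core < 0.7.3).
REGEX_1 = re.compile(r"\bSmartWatch *\( *([^;]+) *; *([^;]+) *;")
# Assumed cap for this example; it is not a uap-core setting.
MAX_UA_LEN = 512


def probe(n):
    """Constructed input with the advisory's shape, at a short length n."""
    return "SmartWatch(" + " " * n + "z"


def match_seconds(pattern, text, repeats=5):
    """Best-of-N wall time for one search (min damps scheduler noise)."""
    best = math.inf
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.search(text)
        best = min(best, time.perf_counter() - start)
    return best


def growth_exponent(pattern, small=100, large=400):
    """Estimate k in time ~ n**k from two lengths (log-log slope)."""
    t_small = match_seconds(pattern, probe(small))
    t_large = match_seconds(pattern, probe(large))
    return math.log(t_large / t_small) / math.log(large / small)


def bounded_search(pattern, user_agent, limit=MAX_UA_LEN):
    """Skip matching for oversized headers; None means 'not parsed'."""
    if len(user_agent) > limit:
        return None
    return pattern.search(user_agent)


if __name__ == "__main__":
    # A linear-time pattern gives about 1; values well above 1 mean backtracking.
    print(f"estimated exponent: {growth_exponent(REGEX_1):.2f}")
    hit = bounded_search(REGEX_1, "SmartWatch(Sony;SW2;")  # constructed benign UA
    print("benign groups:", hit.groups() if hit else None)
    print("oversized input:", bounded_search(REGEX_1, probe(3500)))
```

The cap only bounds the worst-case cost per request; the backtracking itself is removed by updating to the fixed versions listed on this page.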

Packages

Name: uap-core (npm)
Affected versions: < 0.7.3
Fixed version: 0.7.3

Name: user_agent_parser (rubygems)
Affected versions: < 2.6.0
Fixed version: 2.6.0

EPSS

Percentile: 74%
0.00805
Low

5.7 Medium

CVSS3

Weaknesses

CWE-1333
CWE-20

Related vulnerabilities

CVSS3: 5.7
ubuntu
almost 6 years ago

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3.

CVSS3: 5.7
nvd
almost 6 years ago

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3.

CVSS3: 5.7
debian
almost 6 years ago

uap-core before 0.7.3 is vulnerable to a denial of service attack when ...
