Vulnerability-Lookup

CVE-2020-5243 (GCVE-0-2020-5243)

Vulnerability from cvelistv5 – Published: 2020-02-20 23:15 – Updated: 2024-08-04 08:22

Title

Denial of Service in uap-core when processing crafted User-Agent strings

Summary

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3.

Severity ?

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	ua-parser	uap-core	Affected: < 0.7.3

FKIE_CVE-2020-5243

Vulnerability from fkie_nvd - Published: 2020-02-21 00:15 - Updated: 2024-11-21 05:33

Severity ?

5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1	Patch
security-advisories@github.com	https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	uap-core_project	uap-core	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:uap-core_project:uap-core:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "01D32B5D-738D-4349-B7E5-18C9F1B66947",
              "versionEndExcluding": "0.7.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3."
    },
    {
      "lang": "es",
      "value": "uap-core versiones anteriores a 0.7.3, es vulnerable a un ataque de denegaci\u00f3n de servicio cuando se procesan cadenas de User-Agent dise\u00f1adas. Algunas expresiones regulares son vulnerables a una denegaci\u00f3n de servicio de expresi\u00f3n regular (REDoS) debido a una superposici\u00f3n de grupos de captura. Esto permite a atacantes remotos sobrecargar un servidor mediante la configuraci\u00f3n del encabezado User-Agent en una petici\u00f3n HTTP(S) para cadenas largas dise\u00f1adas maliciosamente. Esto ha sido parcheado en uap-core versi\u00f3n 0.7.3."
    }
  ],
  "id": "CVE-2020-5243",
  "lastModified": "2024-11-21T05:33:45.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-21T00:15:10.960",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1333"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CMCX-XHR8-3W9P

Vulnerability from github – Published: 2020-02-20 23:26 – Updated: 2024-02-08 22:49

Summary

Denial of Service in uap-core when processing crafted User-Agent strings

Details

Impact

Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings.

Patches

Please update uap-core to &gt;= v0.7.3

Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.

Details

Each vulnerable regular expression reported here contains 3 overlapping capture groups. Backtracking has approximately cubic time complexity with respect to the length of the user-agent string.

Regex 1:

\bSmartWatch *\( *([^;]+) *; *([^;]+) *;

is vulnerable in portion *([^;]+) * and can be attacked with

&amp;amp;quot;SmartWatch(&amp;amp;quot; + (&amp;amp;quot; &amp;amp;quot; * 3500) + &amp;amp;quot;z&amp;amp;quot;

e.g.

SmartWatch(                                   z

Regex 2:

; *([^;/]+) Build[/ ]Huawei(MT1-U06|[A-Z]+\d+[^\);]+)[^\);]*\)

is vulnerable in portion \d+[^\);]+[^\);]* and can be attacked with

&amp;amp;quot;;A Build HuaweiA&amp;amp;quot; + (&amp;amp;quot;4&amp;amp;quot; * 3500) + &amp;amp;quot;z&amp;amp;quot;

Regex 3:

(HbbTV)/[0-9]+\.[0-9]+\.[0-9]+ \([^;]*; *(LG)E *; *([^;]*) *;[^;]*;[^;]*;\)

is vulnerable in portion *([^;]*) * and can be attacked with

&amp;amp;quot;HbbTV/0.0.0 (;LGE;&amp;amp;quot; + (&amp;amp;quot; &amp;amp;quot; * 3500) + &amp;amp;quot;z&amp;amp;quot;

Regex 4:

(HbbTV)/[0-9]+\.[0-9]+\.[0-9]+ \([^;]*; *(?:CUS:([^;]*)|([^;]+)) *; *([^;]*) *;.*;

is vulnerable in portions *(?:CUS:([^;]*)|([^;]+)) * and *([^;]*) * and can be attacked with

&amp;amp;quot;HbbTV/0.0.0 (;CUS:;&amp;amp;quot; + (&amp;amp;quot; &amp;amp;quot; * 3500) + &amp;amp;quot;z&amp;amp;quot;
&amp;amp;quot;HbbTV/0.0.0 (;&amp;amp;quot; + (&amp;amp;quot; &amp;amp;quot; * 3500) + &amp;amp;quot;z&amp;amp;quot;
&amp;amp;quot;HbbTV/0.0.0 (;z;&amp;amp;quot; + (&amp;amp;quot; &amp;amp;quot; * 3500) + &amp;amp;quot;z&amp;amp;quot;

Reported by Ben Caller @bcaller

Severity ?

5.7 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "uap-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "user_agent_parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-02-20T23:09:32Z",
    "nvd_published_at": "2020-02-21T00:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nSome regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings.\n\n### Patches\n\nPlease update uap-core to \u0026amp;amp;gt;= v0.7.3\n\nDownstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.\n\n### Details\n\nEach vulnerable regular expression reported here contains 3 overlapping capture groups. Backtracking has approximately cubic time complexity with respect to the length of the user-agent string.\n\n#### Regex 1:\n\n```\n\\bSmartWatch *\\( *([^;]+) *; *([^;]+) *;\n```\n\nis vulnerable in portion ` *([^;]+) *` and can be attacked with\n\n```python\n\u0026amp;amp;quot;SmartWatch(\u0026amp;amp;quot; + (\u0026amp;amp;quot; \u0026amp;amp;quot; * 3500) + \u0026amp;amp;quot;z\u0026amp;amp;quot;\n```\ne.g.\n```\nSmartWatch(                                   z\n```\n\n\n#### Regex 2:\n\n```\n; *([^;/]+) Build[/ ]Huawei(MT1-U06|[A-Z]+\\d+[^\\);]+)[^\\);]*\\)\n```\n\nis vulnerable in portion `\\d+[^\\);]+[^\\);]*` and can be attacked with\n\n```python\n\u0026amp;amp;quot;;A Build HuaweiA\u0026amp;amp;quot; + (\u0026amp;amp;quot;4\u0026amp;amp;quot; * 3500) + \u0026amp;amp;quot;z\u0026amp;amp;quot;\n```\n\n\n#### Regex 3:\n\n```\n(HbbTV)/[0-9]+\\.[0-9]+\\.[0-9]+ \\([^;]*; *(LG)E *; *([^;]*) *;[^;]*;[^;]*;\\)\n```\n\nis vulnerable in portion ` *([^;]*) *` and can be attacked with\n\n```python\n\u0026amp;amp;quot;HbbTV/0.0.0 (;LGE;\u0026amp;amp;quot; + (\u0026amp;amp;quot; \u0026amp;amp;quot; * 3500) + \u0026amp;amp;quot;z\u0026amp;amp;quot;\n```\n\n#### Regex 4:\n\n```\n(HbbTV)/[0-9]+\\.[0-9]+\\.[0-9]+ \\([^;]*; *(?:CUS:([^;]*)|([^;]+)) *; *([^;]*) *;.*;\n```\n\nis vulnerable in portions ` *(?:CUS:([^;]*)|([^;]+)) *` and ` *([^;]*) *` and can be attacked with\n\n```python\n\u0026amp;amp;quot;HbbTV/0.0.0 (;CUS:;\u0026amp;amp;quot; + (\u0026amp;amp;quot; \u0026amp;amp;quot; * 3500) + \u0026amp;amp;quot;z\u0026amp;amp;quot;\n\u0026amp;amp;quot;HbbTV/0.0.0 (;\u0026amp;amp;quot; + (\u0026amp;amp;quot; \u0026amp;amp;quot; * 3500) + \u0026amp;amp;quot;z\u0026amp;amp;quot;\n\u0026amp;amp;quot;HbbTV/0.0.0 (;z;\u0026amp;amp;quot; + (\u0026amp;amp;quot; \u0026amp;amp;quot; * 3500) + \u0026amp;amp;quot;z\u0026amp;amp;quot;\n```\n\nReported by Ben Caller @bcaller",
  "id": "GHSA-cmcx-xhr8-3w9p",
  "modified": "2024-02-08T22:49:51Z",
  "published": "2020-02-20T23:26:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5243"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/user_agent_parser/CVE-2020-5243.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of Service in uap-core when processing crafted User-Agent strings"
}

GSD-2020-5243

Vulnerability from gsd - Updated: 2020-03-10 00:00

Details

### Impact Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. ### Patches Please update `uap-ruby` to >= v2.6.0 ### For more information https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p

Aliases

CVE-2020-5243

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5243",
    "description": "uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3.",
    "id": "GSD-2020-5243"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "user_agent_parser",
            "purl": "pkg:gem/user_agent_parser"
          }
        }
      ],
      "aliases": [
        "CVE-2020-5243",
        "GHSA-pcqq-5962-hvcw"
      ],
      "details": "### Impact\nSome regexes are vulnerable to regular expression denial of service (REDoS) due to\noverlapping capture groups. This allows remote attackers to overload a server by\nsetting the User-Agent header in an HTTP(S) request to maliciously crafted long\nstrings.\n\n### Patches\nPlease update `uap-ruby` to \u0026gt;= v2.6.0\n\n### For more information\nhttps://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p",
      "id": "GSD-2020-5243",
      "modified": "2020-03-10T00:00:00.000Z",
      "published": "2020-03-10T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw"
        }
      ],
      "related": [
        "GHSA-cmcx-xhr8-3w9p"
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 5.7,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Denial of Service in uap-core when processing crafted User-Agent strings"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5243",
        "STATE": "PUBLIC",
        "TITLE": "Denial of Service in uap-core when processing crafted User-Agent strings"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "uap-core",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 0.7.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ua-parser"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p",
            "refsource": "CONFIRM",
            "url": "https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p"
          },
          {
            "name": "https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1",
            "refsource": "MISC",
            "url": "https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-cmcx-xhr8-3w9p",
        "discovery": "UNKNOWN"
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2020-5243",
      "cvss_v3": 5.7,
      "date": "2020-03-10",
      "description": "### Impact\nSome regexes are vulnerable to regular expression denial of service (REDoS) due to\noverlapping capture groups. This allows remote attackers to overload a server by\nsetting the User-Agent header in an HTTP(S) request to maliciously crafted long\nstrings.\n\n### Patches\nPlease update `uap-ruby` to \u0026gt;= v2.6.0\n\n### For more information\nhttps://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p",
      "gem": "user_agent_parser",
      "ghsa": "pcqq-5962-hvcw",
      "patched_versions": [
        "\u003e= 2.6.0"
      ],
      "related": {
        "ghsa": [
          "cmcx-xhr8-3w9p"
        ]
      },
      "title": "Denial of Service in uap-core when processing crafted User-Agent strings",
      "url": "https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c0.7.3",
          "affected_versions": "All versions before 0.7.3",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-400",
            "CWE-937"
          ],
          "date": "2020-02-25",
          "description": "uap-core is vulnerable to a denial of service attack when processing crafted `User-Agent` strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the `User-Agent` header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core ",
          "fixed_versions": [
            "1.0.0"
          ],
          "identifier": "CVE-2020-5243",
          "identifiers": [
            "CVE-2020-5243",
            "GHSA-cmcx-xhr8-3w9p"
          ],
          "not_impacted": "All versions starting from 0.7.3",
          "package_slug": "gem/user_agent_parser",
          "pubdate": "2020-02-21",
          "solution": "Upgrade to version 1.0.0 or above.",
          "title": "Uncontrolled Resource Consumption",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5243",
            "https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1",
            "https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p"
          ],
          "uuid": "f5418c3c-831c-4ba4-b2b4-d76b6db8d4c8"
        },
        {
          "affected_range": "\u003c0.7.3",
          "affected_versions": "All versions before 0.7.3",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-400",
            "CWE-937"
          ],
          "date": "2020-02-25",
          "description": "uap-core is vulnerable to a denial of service attack when processing crafted ````User-Agent```` strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the `````User-Agent````` header in an HTTP(S) request to maliciously crafted long strings.",
          "fixed_versions": [
            "0.7.3"
          ],
          "identifier": "CVE-2020-5243",
          "identifiers": [
            "CVE-2020-5243",
            "GHSA-cmcx-xhr8-3w9p"
          ],
          "not_impacted": "All versions starting from 0.7.3",
          "package_slug": "npm/uap-core",
          "pubdate": "2020-02-21",
          "solution": "Upgrade to version 0.7.3 or above.",
          "title": "Uncontrolled Resource Consumption",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5243"
          ],
          "uuid": "12c0756f-5558-47d7-811e-c43bcdc8a6d2"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:uap-core_project:uap-core:*:*:*:*:*:node.js:*:*",
                    "matchCriteriaId": "01D32B5D-738D-4349-B7E5-18C9F1B66947",
                    "versionEndExcluding": "0.7.3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3."
          },
          {
            "lang": "es",
            "value": "uap-core versiones anteriores a 0.7.3, es vulnerable a un ataque de denegaci\u00f3n de servicio cuando se procesan cadenas de User-Agent dise\u00f1adas. Algunas expresiones regulares son vulnerables a una denegaci\u00f3n de servicio de expresi\u00f3n regular (REDoS) debido a una superposici\u00f3n de grupos de captura. Esto permite a atacantes remotos sobrecargar un servidor mediante la configuraci\u00f3n del encabezado User-Agent en una petici\u00f3n HTTP(S) para cadenas largas dise\u00f1adas maliciosamente. Esto ha sido parcheado en uap-core versi\u00f3n 0.7.3."
          }
        ],
        "id": "CVE-2020-5243",
        "lastModified": "2024-02-08T20:12:57.650",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.1,
              "impactScore": 3.6,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2020-02-21T00:15:10.960",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-1333"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5243 (GCVE-0-2020-5243)

FKIE_CVE-2020-5243

GHSA-CMCX-XHR8-3W9P

Impact

Patches

Details

Regex 1:

Regex 2:

Regex 3:

Regex 4:

GSD-2020-5243

Tags

Sightings

Nomenclature