fkie_cve-2020-7662
Vulnerability from fkie_nvd
Published
2020-06-02 19:15
Modified
2024-11-21 05:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.
References
report@snyk.iohttps://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensionsExploit, Third Party Advisory
report@snyk.iohttps://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237Patch, Third Party Advisory
report@snyk.iohttps://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qvExploit, Third Party Advisory
report@snyk.iohttps://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensionsExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qvExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623Exploit, Technical Description, Third Party Advisory
Impacted products
Vendor Product Version
websocket-extensions_project websocket-extensions *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:websocket-extensions_project:websocket-extensions:*:*:*:*:*:node.js:*:*",
                     matchCriteriaId: "8DB781EF-866D-46E6-A817-2CB528145B37",
                     versionEndExcluding: "0.1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.",
      },
      {
         lang: "es",
         value: "El módulo de npm websocket-extensions versiones anteriores a 0.1.4 permite una denegación de servicio (DoS) por medio de Regex Backtracking. El analizador de extensiones puede tardar un tiempo cuadrático cuando analiza un encabezado que contiene un valor de parámetro de cadena no cerrado cuyo contenido es una secuencia repetitiva de dos bytes de una barra diagonal inversa y algún otro carácter. Esto podría ser abusado por un atacante para llevar a cabo una Denegación de Servicio de Regex (ReDoS) en un servidor de un subproceso único al proporcionar una carga útil maliciosa con el encabezado Sec-WebSocket-Extensions",
      },
   ],
   id: "CVE-2020-7662",
   lastModified: "2024-11-21T05:37:33.803",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-02T19:15:12.403",
   references: [
      {
         source: "report@snyk.io",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions",
      },
      {
         source: "report@snyk.io",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237",
      },
      {
         source: "report@snyk.io",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv",
      },
      {
         source: "report@snyk.io",
         tags: [
            "Exploit",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623",
      },
   ],
   sourceIdentifier: "report@snyk.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.