CVE-2020-7662 - OpenCVE

websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Websocket-extensions Project	Websocket-extensions

Configuration 1 [-]

cpe:2.3:a:websocket-extensions_project:websocket-extensions:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions	Exploit Third Party Advisory
https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237	Patch Third Party Advisory
https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv	Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623	Exploit Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2020-06-02T18:28:46

Updated: 2020-12-18T21:10:46

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7662

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-02T19:15:12.403

Modified: 2020-12-23T18:22:38.827

Link: CVE-2020-7662

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "websocket-extensions (npm)", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions prior to 0.1.4"}]}], "datePublic": "2020-06-02T00:00:00", "descriptions": [{"lang": "en", "value": "websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header."}], "problemTypes": [{"descriptions": [{"description": "Regular Expression Denial of Service (ReDoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-18T21:10:46", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7662", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "websocket-extensions (npm)", "version": {"version_data": [{"version_value": "All versions prior to 0.1.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Regular Expression Denial of Service (ReDoS)"}]}]}, "references": {"reference_data": [{"name": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions", "refsource": "MISC", "url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions"}, {"name": "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv", "refsource": "MISC", "url": "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv"}, {"name": "https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237", "refsource": "MISC", "url": "https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237"}, {"name": "https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7662", "datePublished": "2020-06-02T18:28:46", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2020-12-18T21:10:46", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:websocket-extensions_project:websocket-extensions:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "8DB781EF-866D-46E6-A817-2CB528145B37", "versionEndExcluding": "0.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header."}, {"lang": "es", "value": "El m\u00f3dulo de npm websocket-extensions versiones anteriores a 0.1.4 permite una denegaci\u00f3n de servicio (DoS) por medio de Regex Backtracking. El analizador de extensiones puede tardar un tiempo cuadr\u00e1tico cuando analiza un encabezado que contiene un valor de par\u00e1metro de cadena no cerrado cuyo contenido es una secuencia repetitiva de dos bytes de una barra diagonal inversa y alg\u00fan otro car\u00e1cter. Esto podr\u00eda ser abusado por un atacante para llevar a cabo una Denegaci\u00f3n de Servicio de Regex (ReDoS) en un servidor de un subproceso \u00fanico al proporcionar una carga \u00fatil maliciosa con el encabezado Sec-WebSocket-Extensions"}], "id": "CVE-2020-7662", "lastModified": "2020-12-23T18:22:38.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-02T19:15:12.403", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv"}, {"source": "report@snyk.io", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}