CVE-2020-7663 - OpenCVE

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Websocket-extensions Project	Websocket-extensions
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:a:websocket-extensions_project:websocket-extensions:*:*:*:*:*:ruby:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

References

Link	Resource
https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions	Third Party Advisory
https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b	Patch Third Party Advisory
https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html	Mailing List Third Party Advisory
https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830	Exploit Third Party Advisory
https://usn.ubuntu.com/4502-1/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2020-06-02T18:25:01

Updated: 2020-09-17T14:27:33

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7663

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-02T19:15:12.467

Modified: 2023-01-20T18:22:53.047

Link: CVE-2020-7663

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "websocket-extensions (ruby)", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions prior to 0.1.5"}]}], "datePublic": "2020-06-02T00:00:00", "descriptions": [{"lang": "en", "value": "websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header."}], "problemTypes": [{"descriptions": [{"description": "Regular Expression Denial of Service (ReDoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-17T14:27:33", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830"}, {"name": "[debian-lts-announce] 20200819 [SECURITY] [DLA 2334-1] ruby-websocket-extensions security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html"}, {"name": "USN-4502-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4502-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7663", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "websocket-extensions (ruby)", "version": {"version_data": [{"version_value": "All versions prior to 0.1.5"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Regular Expression Denial of Service (ReDoS)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2", "refsource": "MISC", "url": "https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2"}, {"name": "https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b", "refsource": "MISC", "url": "https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b"}, {"name": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions", "refsource": "MISC", "url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions"}, {"name": "https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830"}, {"name": "[debian-lts-announce] 20200819 [SECURITY] [DLA 2334-1] ruby-websocket-extensions security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html"}, {"name": "USN-4502-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4502-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7663", "datePublished": "2020-06-02T18:25:01", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2020-09-17T14:27:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:websocket-extensions_project:websocket-extensions:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "709E45F8-F7E2-434B-8D0D-E9AF4E9C52FA", "versionEndExcluding": "0.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header."}, {"lang": "es", "value": "El m\u00f3dulo de ruby websocket-extensions versiones anteriores a 0.1.5, permite una denegaci\u00f3n de servicio (DoS) por medio de Regex Backtracking. El analizador de extensiones puede tomar un tiempo cuadr\u00e1tico cuando analiza un encabezado que contiene un valor de par\u00e1metro de cadena no cerrado cuyo contenido es una secuencia repetitiva de dos bytes de una barra diagonal inversa y alg\u00fan otro car\u00e1cter. Esto podr\u00eda ser abusado por un atacante para conducir una Denegaci\u00f3n de Servicio de Regex (ReDoS) en un servidor de un subproceso \u00fanico al proporcionar una carga \u00fatil maliciosa con el encabezado Sec-WebSocket-Extensions."}], "id": "CVE-2020-7663", "lastModified": "2023-01-20T18:22:53.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-02T19:15:12.467", "references": [{"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2"}, {"source": "report@snyk.io", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4502-1/"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}