CVE-2022-29167 - OpenCVE

Vendors	Products
Mozilla	Hawk

Link	Resource
https://github.com/mozilla/hawk/pull/286	Patch Third Party Advisory
https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq	Patch Third Party Advisory

{"containers": {"cna": {"affected": [{"product": "hawk", "vendor": "mozilla", "versions": [{"status": "affected", "version": "< 9.0.1"}]}], "descriptions": [{"lang": "en", "value": "Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-05T22:55:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mozilla/hawk/pull/286"}], "source": {"advisory": "GHSA-44pw-h2cw-w3vq", "discovery": "UNKNOWN"}, "title": "ReDoS vulnerability in header parsing in hawk", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29167", "STATE": "PUBLIC", "TITLE": "ReDoS vulnerability in header parsing in hawk"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "hawk", "version": {"version_data": [{"version_value": "< 9.0.1"}]}}]}, "vendor_name": "mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq", "refsource": "CONFIRM", "url": "https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq"}, {"name": "https://github.com/mozilla/hawk/pull/286", "refsource": "MISC", "url": "https://github.com/mozilla/hawk/pull/286"}]}, "source": {"advisory": "GHSA-44pw-h2cw-w3vq", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29167", "datePublished": "2022-05-05T22:55:10", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2022-05-05T22:55:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:hawk:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "52944D80-ECF3-4739-B338-91E50E563870", "versionEndExcluding": "9.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`."}, {"lang": "es", "value": "Hawk es un esquema de autenticaci\u00f3n HTTP que proporciona mecanismos para realizar peticiones HTTP autenticadas con verificaci\u00f3n criptogr\u00e1fica parcial de la petici\u00f3n y la respuesta, cubriendo el m\u00e9todo HTTP, el URI de la petici\u00f3n, el host y, opcionalmente, la carga \u00fatil de la petici\u00f3n. Hawk usaba una expresi\u00f3n regular para analizar el encabezado HTTP \"Host\" (\"Hawk.utils.parseHost()\"), que estaba sujeta a un ataque DoS de expresi\u00f3n regular - lo que significa que cada car\u00e1cter a\u00f1adido en la entrada del atacante aumenta el tiempo de c\u00e1lculo exponencialmente. ParseHost()\" ha sido corregido en versi\u00f3n \"9.0.1\" para usar la clase \"URL' incorporada para analizar el nombre de host. Hawk.authenticate()\" acepta el argumento \"options\". Si \u00e9ste contiene \"host\" y \"port\", ser\u00e1n usadas en lugar de una llamada a \"utils.parseHost()\""}], "id": "CVE-2022-29167", "lastModified": "2023-07-21T16:42:53.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-05-05T23:15:09.083", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mozilla/hawk/pull/286"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

JSON object

JSON object

JSON object