CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions	Third Party Advisory
https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b	Patch Third Party Advisory
https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html	Mailing List Third Party Advisory
https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830	Exploit Third Party Advisory
https://usn.ubuntu.com/4502-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:websocket-extensions_project:websocket-extensions:*:*:*:*:*:ruby:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

History

No history.

Information

Published : 2020-06-02 19:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-7663

Mitre link : CVE-2020-7663

CVE.ORG link : CVE-2020-7663

JSON object : View

Products Affected

canonical

ubuntu_linux

debian

debian_linux

websocket-extensions_project

websocket-extensions

CWE

NVD-CWE-Other

{"id": "CVE-2020-7663", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-06-02T19:15:12.467", "references": [{"url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b", "tags": ["Patch", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830", "tags": ["Exploit", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://usn.ubuntu.com/4502-1/", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header."}, {"lang": "es", "value": "El m\u00f3dulo de ruby websocket-extensions versiones anteriores a 0.1.5, permite una denegaci\u00f3n de servicio (DoS) por medio de Regex Backtracking. El analizador de extensiones puede tomar un tiempo cuadr\u00e1tico cuando analiza un encabezado que contiene un valor de par\u00e1metro de cadena no cerrado cuyo contenido es una secuencia repetitiva de dos bytes de una barra diagonal inversa y alg\u00fan otro car\u00e1cter. Esto podr\u00eda ser abusado por un atacante para conducir una Denegaci\u00f3n de Servicio de Regex (ReDoS) en un servidor de un subproceso \u00fanico al proporcionar una carga \u00fatil maliciosa con el encabezado Sec-WebSocket-Extensions."}], "lastModified": "2023-01-20T18:22:53.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:websocket-extensions_project:websocket-extensions:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "709E45F8-F7E2-434B-8D0D-E9AF4E9C52FA", "versionEndExcluding": "0.1.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}