CVE-2021-27293

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/restsharp/RestSharp/issues/1556	Exploit Patch Third Party Advisory
https://restsharp.dev/	Product
https://github.com/restsharp/RestSharp/issues/1556	Exploit Patch Third Party Advisory
https://restsharp.dev/	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:restsharp:restsharp::::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7::::::

History

21 Nov 2024, 05:57

Type	Values Removed	Values Added
References	~~() https://github.com/restsharp/RestSharp/issues/1556 - Exploit, Patch, Third Party Advisory~~	() https://github.com/restsharp/RestSharp/issues/1556 - Exploit, Patch, Third Party Advisory
References	~~() https://restsharp.dev/ - Product~~	() https://restsharp.dev/ - Product

Information

Published : 2021-07-12 11:15

Updated : 2024-11-21 05:57

NVD link : CVE-2021-27293

Mitre link : CVE-2021-27293

CVE.ORG link : CVE-2021-27293

JSON object : View

Products Affected

restsharp

restsharp

CWE

CWE-697

Incorrect Comparison

{"id": "CVE-2021-27293", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-07-12T11:15:08.100", "references": [{"url": "https://github.com/restsharp/RestSharp/issues/1556", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://restsharp.dev/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/restsharp/RestSharp/issues/1556", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://restsharp.dev/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-697"}]}], "descriptions": [{"lang": "en", "value": "RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service."}, {"lang": "es", "value": "RestSharp versiones anteiores a 106.11.8-alpha.0.13, usa una Expresi\u00f3n Regular que es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) cuando convierte cadenas en DateTimes. Si un servidor responde con una cadena maliciosa, el cliente que use RestSharp se quedar\u00e1 atascado proces\u00e1ndola durante un tiempo excesivo. As\u00ed, el servidor remoto puede desencadenar una Denegaci\u00f3n de Servicio"}], "lastModified": "2024-11-21T05:57:45.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED720ADD-C611-4541-B637-8E43B63AFF95", "versionEndIncluding": "106.11.7"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F1B7ECC-4AAA-4830-A94C-8C4CC1DDF008"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "744F5450-A340-4484-8CC2-483886C0E75B"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81B83013-BACA-463A-B20D-6C22BF27317F"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDB472BE-A8F8-4001-9F88-9F6FF7F26375"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE119EAE-E84F-4134-A432-DB625DE49190"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F7D3C04-6760-4A72-AC13-287E12DE8276"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7134DE4-9E43-43E6-82BF-C0502AA3F30E"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC1A2B8-6AA1-4477-80BD-9043D202D5F2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}