CVE-2022-25883 (Red Hat advisory RH:CVE-2022-25883)

Published: 2023-07-12 14:35:38
Source: redhat.com (access.redhat.com)
Tags: vulnerability, node-semver, range function, dos, cpu consumption, denial of service

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 51.1%

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the node-semver package via the ‘new Range’ function. This issue could allow an attacker to pass untrusted, malicious input as a range, causing the service to consume CPU excessively, with the cost growing with the input size, resulting in a denial of service.