5 matches found
CVE-2020-5243
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent...
Regular Expression Denial Of Service (ReDoS)
useragentparser is vulnerable to regular expression denial of service ReDoS. The vulnerability exists through the vendored module, uap-core, where a long digit string can cause ReDoS. This vulnerability is related to CVE-2020-5243...
CVE-2020-5243
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent...
CVE-2020-5243 Denial of Service in uap-core when processing crafted User-Agent strings
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent...
CVE-2020-5243
CVE-2020-5243 describes a denial-of-service vulnerability in uap-core before 0.7.3, where processing crafted User-Agent strings triggers overlapping capture group REGEX backtracking (REDoS). The issue affects the library’s User-Agent parsing, allowing remote attackers to overload a server by send...