CVE-2018-20164

Published: 13/02/2019 Updated: 02/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core prior to 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote malicious users to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)

Vulnerable Product

uaparser user agent parser-core

Vendor Advisories

Debian Bug report logs - #922717
uap-core: CVE-2018-20164
Package: src:uap-core; Maintainer for src:uap-core is Edward Betts <edward@4angle.com>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 19 Feb 2019 20:03:01 UTC
Severity: serious
Tags: security, upstream
Found in version uap-core/20181019-1 F ...

Exploits

UA-Parser versions 2015-05-14 and newer suffer from a denial of service vulnerability ...