CVE-2020-5243

Published: 21/02/2020 Updated: 08/02/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

uap-core prior to 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (ReDoS) due to overlapping capture groups. This allows remote malicious users to overload a server by setting the User-Agent header in an HTTP(S) request to a maliciously crafted long string. This has been patched in uap-core 0.7.3.

Vulnerable Product

uap-core project uap-core

Vendor Advisories

Debian Bug report logs - #952649
uap-core: CVE-2020-5243
Package: src:uap-core
Maintainer for src:uap-core is Edward Betts <edward@4angle.com>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Feb 2020 20:54:02 UTC
Severity: grave
Tags: security, upstream
Found in version uap-core/20190213-2 ...