Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-7663

Published: 02/06/2020 Updated: 20/01/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Websocket-extensions

Vulnerability Summary

websocket-extensions ruby module before 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an malicious user to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

websocket-extensions project websocket-extensions

debian debian linux 9.0

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

Vendor Advisories

Red Hat: Important: Satellite 6.8 release
Synopsis Important: Satellite 68 release Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Satellite 68 for RHEL 7Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score,which giv ...
Debian CVElist Bug Report Logs: ruby-websocket-extensions: CVE-2020-7663
Debian Bug report logs - #964274 ruby-websocket-extensions: CVE-2020-7663 Package: src:ruby-websocket-extensions; Maintainer for src:ruby-websocket-extensions is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 4 Jul ...

References

NVD-CWE-Otherhttps://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensionshttps://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838bhttps://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830https://lists.debian.org/debian-lts-announce/2020/08/msg00031.htmlhttps://usn.ubuntu.com/4502-1/https://access.redhat.com/errata/RHSA-2020:4366https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook