Moderate severityOSV Advisory· Published Feb 13, 2019· Updated Aug 5, 2024
CVE-2018-20164
CVE-2018-20164
Description
An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
uap-corenpm | < 0.6.0 | 0.6.0 |
Affected products
2Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-fx7m-j728-mjw3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-20164ghsaADVISORY
- github.com/ua-parser/uap-core/commit/010ccdc7303546cd22b9da687c29f4a996990014ghsax_refsource_MISCWEB
- github.com/ua-parser/uap-core/commit/156f7e12b215bddbaf3df4514c399d683e6cdadcghsax_refsource_MISCWEB
- github.com/ua-parser/uap-core/issues/332ghsax_refsource_MISCWEB
- www.x41-dsec.de/lab/advisories/x41-2018-009-uaparserghsaWEB
- www.x41-dsec.de/lab/advisories/x41-2018-009-uaparser/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.