Brondahl EnumStringValues EnumExtensions.cs GetStringValuesWithPreferences_Uncache resource consumption
Description
A vulnerability classified as problematic was found in Brondahl EnumStringValues up to 4.0.0. It affects the function GetStringValuesWithPreferences_Uncache in the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 addresses this issue. The patch is identified as c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| EnumStringValues (NuGet) | < 4.0.2 | 4.0.2 |
Affected products
- Range: 4.0
Patches
- c0fc7806beb2: Protect against DOS attacks made possible by parsing random invalid enum strings
1 file changed · +24 −8
EnumStringValues/EnumExtensions.cs+24 −8 modified@@ -269,15 +269,12 @@ private static bool TryParseStringValueToEnum_ViaCache<TEnumType>(string lowerSt { var enumTypeObject = typeof(TEnumType); - var typeAppropriateDictionary = parsedEnumStringsDictionaryByType.GetOrAdd(enumTypeObject, (x) => new ConcurrentDictionary<string, Enum>()); + var typeAppropriateDictionary = parsedEnumStringsDictionaryByType.GetOrAdd( + enumTypeObject, + (x) => BuildCacheDictionaryForParseStringValue<TEnumType>() + ); - var cachedValue = typeAppropriateDictionary.GetOrAdd(lowerStringValue, (str) => - { - var parseSucceededForDictionary = TryParseStringValueToEnum_Uncached<TEnumType>(lowerStringValue, out var parsedValueForDictionary); - return parseSucceededForDictionary ? (Enum) parsedValueForDictionary : null; - }); - - if (cachedValue != null) + if (typeAppropriateDictionary.TryGetValue(lowerStringValue, out var cachedValue)) { parsedValue = (TEnumType)cachedValue; return true; 
@@ -292,6 +289,25 @@ private static bool TryParseStringValueToEnum_ViaCache<TEnumType>(string lowerSt /// <summary> Cache for <see cref="TryParseStringValueToEnum{TEnumType}"/> </summary> private static ConcurrentDictionary<Type, ConcurrentDictionary<string, Enum>> parsedEnumStringsDictionaryByType; + + private static ConcurrentDictionary<string, Enum> BuildCacheDictionaryForParseStringValue<TEnumType>() where TEnumType : System.Enum + { + var dict = new ConcurrentDictionary<string, Enum>(); + + foreach (var enumValue in EnumerateValues<TEnumType>()) + { + foreach (var enumString in GetStringValues<TEnumType>(enumValue)) + { + // Add to the dictionary, just overwriting if the string is already present. + // This overwrite is legitimate, because we've declared parsing a duplicate string definition to be `undefined behaviour`. + dict.AddOrUpdate(enumString.ToLower(), enumValue, ((repeatedString, previousEnumValue) => enumValue)); + } + } + + return dict; + } + + private static bool TryParseStringValueToEnum_Uncached<TEnumType>(this string lowerStringValue, out TEnumType parsedValue) where TEnumType : System.Enum { foreach (var enumValue in EnumerateValues<TEnumType>())
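Review bot: In the first hunk (TryParseStringValueToEnum_ViaCache), the factory passed to parsedEnumStringsDictionaryByType.GetOrAdd does not run under a lock, so several threads that hit an unseen enum type at the same time can each call BuildCacheDictionaryForParseStringValue<TEnumType>(), with all but one result discarded. The builder is deterministic, so the outcome is still correct, but a short comment saying so, or a Lazy<ConcurrentDictionary<string, Enum>> as the stored value, would make that explicit. The lines after the if block are not shown in this hunk: now that the per-type dictionary is complete, a TryGetValue miss should return false directly rather than fall back to a per-call scan over the enum. The commit changes one file only, so a regression test asserting that the dictionary's Count is unchanged after many distinct invalid strings would pin the fix.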
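Review bot: In the second hunk (BuildCacheDictionaryForParseStringValue), enumString.ToLower() is culture-sensitive, so the cache keys depend on the current culture of whichever thread builds the dictionary first (the Turkish dotless i is the usual example), and a lookup lowered under a different culture can miss a valid string. Suggest ToLowerInvariant() here, with the same normalisation applied wherever lowerStringValue is produced. Minor: the AddOrUpdate call whose lambda ignores both arguments can be written as an indexer assignment, dict[key] = enumValue, and the hunk leaves two blank lines before TryParseStringValueToEnum_Uncached.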
References
- github.com/Brondahl/EnumStringValues/commit/c0fc7806beb24883cc2f9543ebc50c0820297307 (ghsa, mitigation, patch; WEB)
- github.com/advisories/GHSA-vq23-hwg7-hxrh (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-36620 (ghsa; ADVISORY)
- github.com/Brondahl/EnumStringValues/releases/tag/4.0.1 (ghsa, mitigation; WEB)
- github.com/Brondahl/EnumStringValues/releases/tag/4.0.2 (ghsa; WEB)
- vuldb.com (ghsa, technical-description, vdb-entry; WEB)