Moderate severity · NVD Advisory · Published Feb 20, 2020 · Updated Aug 4, 2024
Denial of Service in uap-core when processing crafted User-Agent strings
CVE-2020-5243
Description
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| uap-core (npm) | < 0.7.3 | 0.7.3 |
| user_agent_parser (RubyGems) | < 2.6.0 | 2.6.0 |
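
To check whether a project resolves to one of the affected versions listed above, including transitive copies, the following added example scans lockfile text. It is not code from the advisory or the uap-core project; the sample lockfiles and the `demo-lib` package name are constructed, and the comparison assumes plain dotted numeric versions.

```javascript
// Added example. Package names and fixed versions are from the advisory table.
const FIXED_IN = {
  npm: new Map([["uap-core", "0.7.3"]]),
  rubygems: new Map([["user_agent_parser", "2.6.0"]]),
};

// Compare dotted numeric versions; pre-release suffixes are ignored (assumption).
function cmp(a, b) {
  const pa = a.split("."), pb = b.split(".");
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (parseInt(pa[i], 10) || 0) - (parseInt(pb[i], 10) || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Record a finding when a resolved version is below the patched version.
function flag(eco, name, version, where, out) {
  const fixed = FIXED_IN[eco].get(name);
  if (fixed && typeof version === "string" && cmp(version, fixed) < 0)
    out.push({ eco, name, version, fixed, where });
}

// package-lock.json: flat "packages" map (lockfileVersion 2/3) or nested
// "dependencies" tree (lockfileVersion 1), so transitive copies are found.
function scanPackageLock(text) {
  const lock = JSON.parse(text), out = [];
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      flag("npm", name, meta.version, trail + name, out);
      walk(meta.dependencies, trail + name + " > ");
    }
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages))
      flag("npm", path.split("node_modules/").pop(), meta.version, path, out);
  } else walk(lock.dependencies, "");
  return out;
}

// Gemfile.lock: resolved gems are the four-space-indented "name (version)" lines.
function scanGemfileLock(text) {
  const out = [];
  for (const m of text.matchAll(/^ {4}([\w.-]+) \(([^)\s]+)\)$/gm))
    flag("rubygems", m[1], m[2], "Gemfile.lock", out);
  return out;
}
// Constructed sample lockfiles (not real project data).
const SAMPLE_NPM = JSON.stringify({ lockfileVersion: 3, packages: {
  "node_modules/demo-lib/node_modules/uap-core": { version: "0.7.2" } } });
const SAMPLE_GEM = "GEM\n  specs:\n    rack (2.2.3)\n    user_agent_parser (2.6.0)\n";
```

Each finding carries the lockfile path (`where`), which shows which dependency pulls in the affected copy.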
Affected products
- ghsa-coords: 2 versions (< 2.6.0, + 1 more)
- (no CPE) range: < 2.6.0
- (no CPE) range: < 0.7.3
References
- github.com/advisories/GHSA-cmcx-xhr8-3w9p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-5243 (ghsa, ADVISORY)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/user_agent_parser/CVE-2020-5243.yml (ghsa, WEB)
- github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1 (ghsa, x_refsource_MISC, WEB)
- github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p (ghsa, x_refsource_CONFIRM, WEB)
- github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw (ghsa, WEB)