
CVE-2020-36620: Protect against DOS attacks made possible by parsing random invalid e… · Brondahl/EnumStringValues@c0fc780

A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.2 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.


@@ -269,15 +269,12 @@ private static List<StringValueAttribute> GetStringValuesWithPreferences_Uncache

{

var enumTypeObject = typeof(TEnumType);

var typeAppropriateDictionary = parsedEnumStringsDictionaryByType.GetOrAdd(enumTypeObject, (x) => new ConcurrentDictionary<string, Enum>());

var typeAppropriateDictionary = parsedEnumStringsDictionaryByType.GetOrAdd(

enumTypeObject,

(x) => BuildCacheDictionaryForParseStringValue<TEnumType>()

);

var cachedValue = typeAppropriateDictionary.GetOrAdd(lowerStringValue, (str) =>

{

var parseSucceededForDictionary = TryParseStringValueToEnum_Uncached<TEnumType>(lowerStringValue, out var parsedValueForDictionary);

return parseSucceededForDictionary ? (Enum) parsedValueForDictionary : null;

});

if (cachedValue != null)

if (typeAppropriateDictionary.TryGetValue(lowerStringValue, out var cachedValue))

{

parsedValue = (TEnumType)cachedValue;

return true;
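Review bot: The value factory passed to `parsedEnumStringsDictionaryByType.GetOrAdd(...)` can run more than once when several threads miss on the same type at the same moment, because ConcurrentDictionary invokes the factory outside its lock, so `BuildCacheDictionaryForParseStringValue<TEnumType>()` may enumerate the enum several times with only one result kept. That is harmless here since the result is deterministic, but it deserves a comment, or a `Lazy<>` wrapper if the build is costly for large enums. Replacing the inner `GetOrAdd(lowerStringValue, ...)` with `TryGetValue` is what stops an entry being stored for every distinct unparseable string; a regression test that parses many distinct invalid strings and asserts the per-type dictionary count stays unchanged would lock that in.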

@@ -292,6 +289,25 @@ private static List<StringValueAttribute> GetStringValuesWithPreferences_Uncache

/// <summary> Cache for <see cref="TryParseStringValueToEnum{TEnumType}"/> </summary>

private static ConcurrentDictionary<Type, ConcurrentDictionary<string, Enum>> parsedEnumStringsDictionaryByType;

private static ConcurrentDictionary<string, Enum> BuildCacheDictionaryForParseStringValue<TEnumType>() where TEnumType : System.Enum

{

var dict = new ConcurrentDictionary<string, Enum>();

foreach (var enumValue in EnumerateValues<TEnumType>())

{

foreach (var enumString in GetStringValues<TEnumType>(enumValue))

{

// Add to the dictionary, just overwriting if the string is already present.

// This overwrite is legitimate, because we’ve declared parsing a duplicate string definition to be `undefined behaviour`.

dict.AddOrUpdate(enumString.ToLower(), enumValue, ((repeatedString, previousEnumValue) => enumValue));

}

}

return dict;

}

private static bool TryParseStringValueToEnum_Uncached<TEnumType>(this string lowerStringValue, out TEnumType parsedValue) where TEnumType : System.Enum

{

foreach (var enumValue in EnumerateValues<TEnumType>())
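Review bot: `enumString.ToLower()` in the inner loop of `BuildCacheDictionaryForParseStringValue` is culture-sensitive, and the dictionary is now built once per type and kept, so the keys are fixed in whatever culture the first caller's thread had. If a later lookup lowers its input under a different culture (the Turkish dotless i is the usual case), valid strings will miss the cache. Suggest `ToLowerInvariant()` here and wherever `lowerStringValue` is produced, which is not visible in this hunk. Minor: `dict` is local and filled on one thread, so `dict[key] = enumValue` would say the same thing as the `AddOrUpdate` lambda.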

Related news

GHSA-vq23-hwg7-hxrh: EnumStringValues vulnerable to Uncontrolled Resource Consumption

