FKIE_CVE-2021-27293

Vulnerability from fkie_nvd - Published: 2021-07-12 11:15 - Updated: 2024-11-21 05:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.
References
cve@mitre.orghttps://github.com/restsharp/RestSharp/issues/1556Exploit, Patch, Third Party Advisory
cve@mitre.orghttps://restsharp.dev/Product
af854a3a-2127-422b-91ae-364da2661108https://github.com/restsharp/RestSharp/issues/1556Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://restsharp.dev/Product
Impacted products
Vendor Product Version
restsharp restsharp *
restsharp restsharp 106.11.8
restsharp restsharp 106.11.8
restsharp restsharp 106.11.8
restsharp restsharp 106.11.8
restsharp restsharp 106.11.8
restsharp restsharp 106.11.8
restsharp restsharp 106.11.8
restsharp restsharp 106.11.8
To clipboard Create KEV Entry 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED720ADD-C611-4541-B637-8E43B63AFF95",
              "versionEndIncluding": "106.11.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10:*:*:*:*:*:*",
              "matchCriteriaId": "4F1B7ECC-4AAA-4830-A94C-8C4CC1DDF008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11:*:*:*:*:*:*",
              "matchCriteriaId": "744F5450-A340-4484-8CC2-483886C0E75B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12:*:*:*:*:*:*",
              "matchCriteriaId": "81B83013-BACA-463A-B20D-6C22BF27317F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2:*:*:*:*:*:*",
              "matchCriteriaId": "FDB472BE-A8F8-4001-9F88-9F6FF7F26375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3:*:*:*:*:*:*",
              "matchCriteriaId": "EE119EAE-E84F-4134-A432-DB625DE49190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4:*:*:*:*:*:*",
              "matchCriteriaId": "9F7D3C04-6760-4A72-AC13-287E12DE8276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6:*:*:*:*:*:*",
              "matchCriteriaId": "F7134DE4-9E43-43E6-82BF-C0502AA3F30E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7:*:*:*:*:*:*",
              "matchCriteriaId": "7FC1A2B8-6AA1-4477-80BD-9043D202D5F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RestSharp \u003c 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service."
    },
    {
      "lang": "es",
      "value": "RestSharp versiones anteiores a 106.11.8-alpha.0.13, usa una Expresi\u00f3n Regular que es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) cuando convierte cadenas en DateTimes. Si un servidor responde con una cadena maliciosa, el cliente que use RestSharp se quedar\u00e1 atascado proces\u00e1ndola durante un tiempo excesivo. As\u00ed, el servidor remoto puede desencadenar una Denegaci\u00f3n de Servicio"
    }
  ],
  "id": "CVE-2021-27293",
  "lastModified": "2024-11-21T05:57:45.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-12T11:15:08.100",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/restsharp/RestSharp/issues/1556"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://restsharp.dev/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/restsharp/RestSharp/issues/1556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://restsharp.dev/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-697"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.