Vulnerability Details : CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.
Vulnerability category: Denial of service
Products affected by CVE-2020-7663
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:a:websocket-extensions_project:websocket-extensions:*:*:*:*:*:ruby:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7663
- EPSS score: 1.65% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-7663
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
References for CVE-2020-7663
- https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html
  [SECURITY] [DLA 2334-1] ruby-websocket-extensions security update (Mailing List; Third Party Advisory)
- https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
  Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser · faye/websocket-extensions-ruby@aa156a4 · GitHub (Patch; Third Party Advisory)
- https://usn.ubuntu.com/4502-1/
  USN-4502-1: websocket-extensions vulnerability | Ubuntu security notices | Ubuntu (Third Party Advisory)
- https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830
  Regular Expression Denial of Service (ReDoS) in websocket-extensions | Snyk (Exploit; Third Party Advisory)
- https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
  ReDoS vulnerability in Sec-WebSocket-Extensions parser · Advisory · faye/websocket-extensions-ruby · GitHub (Third Party Advisory)
- https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions
  ReDoS vulnerability in websocket-extensions – The If Works (Third Party Advisory)