Description

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

Related CPE's

a

restsharp

restsharp

9

References

https://github.com/restsharp/RestSharp/issues/1556

ExploitPatchThird Party Advisory

https://restsharp.dev/

Product

Weaknesses

[email protected]

Primary
CWE-697

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-12T11:15:08.100

4 years ago

Last modified

2021-09-09T12:43:33.683

3 years ago