Description

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

Related CPE's

a

restsharp

restsharp

9

References

https://github.com/restsharp/RestSharp/issues/1556

ExploitPatchThird Party Advisory

https://restsharp.dev/

Product

https://github.com/restsharp/RestSharp/issues/1556

ExploitPatchThird Party Advisory

https://restsharp.dev/

Product

Weaknesses

[email protected]

Primary
CWE-697

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-07-12T09:15:08.100Z

4 years ago

Last modified

2024-11-21T04:57:45.967Z

1 year ago