SUSE SLES15 / openSUSE 15 Security Update : rubygem-websocket-extensions (SUSE-SU-2023:0127-1)
Discription

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0127-1 advisory.

– websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. (CVE-2020-7663)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More

Back to Main

Subscribe for the latest news: