CVE-2021-27293 - OpenCVE

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Restsharp	Restsharp

Configuration 1 [-]

OR	cpe:2.3:a:restsharp:restsharp::::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6::::::
	cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7::::::

No data.

References

Link	Providers
https://github.com/restsharp/RestSharp/issues/1556
https://restsharp.dev/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-12T10:47:01

Updated: 2024-08-03T20:48:16.148Z

Reserved: 2021-02-16T00:00:00

Link: CVE-2021-27293

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-12T11:15:08.100

Modified: 2021-09-09T12:43:33.683

Link: CVE-2021-27293

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-12T10:47:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://restsharp.dev/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/restsharp/RestSharp/issues/1556"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27293", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://restsharp.dev/", "refsource": "MISC", "url": "https://restsharp.dev/"}, {"name": "https://github.com/restsharp/RestSharp/issues/1556", "refsource": "MISC", "url": "https://github.com/restsharp/RestSharp/issues/1556"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:48:16.148Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://restsharp.dev/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/restsharp/RestSharp/issues/1556"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27293", "datePublished": "2021-07-12T10:47:01", "dateReserved": "2021-02-16T00:00:00", "dateUpdated": "2024-08-03T20:48:16.148Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED720ADD-C611-4541-B637-8E43B63AFF95", "versionEndIncluding": "106.11.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10:*:*:*:*:*:*", "matchCriteriaId": "4F1B7ECC-4AAA-4830-A94C-8C4CC1DDF008", "vulnerable": true}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11:*:*:*:*:*:*", "matchCriteriaId": "744F5450-A340-4484-8CC2-483886C0E75B", "vulnerable": true}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12:*:*:*:*:*:*", "matchCriteriaId": "81B83013-BACA-463A-B20D-6C22BF27317F", "vulnerable": true}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2:*:*:*:*:*:*", "matchCriteriaId": "FDB472BE-A8F8-4001-9F88-9F6FF7F26375", "vulnerable": true}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3:*:*:*:*:*:*", "matchCriteriaId": "EE119EAE-E84F-4134-A432-DB625DE49190", "vulnerable": true}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4:*:*:*:*:*:*", "matchCriteriaId": "9F7D3C04-6760-4A72-AC13-287E12DE8276", "vulnerable": true}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6:*:*:*:*:*:*", "matchCriteriaId": "F7134DE4-9E43-43E6-82BF-C0502AA3F30E", "vulnerable": true}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7:*:*:*:*:*:*", "matchCriteriaId": "7FC1A2B8-6AA1-4477-80BD-9043D202D5F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service."}, {"lang": "es", "value": "RestSharp versiones anteiores a 106.11.8-alpha.0.13, usa una Expresi\u00f3n Regular que es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) cuando convierte cadenas en DateTimes. Si un servidor responde con una cadena maliciosa, el cliente que use RestSharp se quedar\u00e1 atascado proces\u00e1ndola durante un tiempo excesivo. As\u00ed, el servidor remoto puede desencadenar una Denegaci\u00f3n de Servicio"}], "id": "CVE-2021-27293", "lastModified": "2021-09-09T12:43:33.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-12T11:15:08.100", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/restsharp/RestSharp/issues/1556"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://restsharp.dev/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-697"}], "source": "nvd@nist.gov", "type": "Primary"}]}