CVE-2024-6038 - OpenCVE

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-27T18:41:45.405Z

Updated: 2024-08-01T21:25:03.163Z

Reserved: 2024-06-15T08:15:24.324Z

Link: CVE-2024-6038

Vulnrichment

Updated: 2024-08-01T21:25:03.163Z

NVD

Status : Awaiting Analysis

Published: 2024-06-27T19:15:19.040

Modified: 2024-06-27T19:25:12.067

Link: CVE-2024-6038

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6038", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-15T08:15:24.324Z", "datePublished": "2024-06-27T18:41:45.405Z", "dateUpdated": "2024-08-01T21:25:03.163Z"}, "containers": {"cna": {"title": "ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-27T18:41:45.405Z"}, "descriptions": [{"lang": "en", "value": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability."}], "affected": [{"vendor": "gaizhenbiao", "product": "gaizhenbiao/chuanhuchatgpt", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-625 Permissive Regular Expression", "cweId": "CWE-625"}]}], "source": {"advisory": "d41cca0a-82bc-4cbf-a52a-928d304fb42d", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "gaizhenbiao", "product": "chuanhuchatgpt", "cpes": ["cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T15:11:23.458775Z", "id": "CVE-2024-6038", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T15:15:41.733Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.163Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.163Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6038", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-28T15:11:23.458775Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:-:*:*:*:*:*:*:*"], "vendor": "gaizhenbiao", "product": "chuanhuchatgpt", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T15:15:37.146Z"}}], "cna": {"title": "ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt", "source": {"advisory": "d41cca0a-82bc-4cbf-a52a-928d304fb42d", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "gaizhenbiao", "product": "gaizhenbiao/chuanhuchatgpt", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d"}], "descriptions": [{"lang": "en", "value": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-625", "description": "CWE-625 Permissive Regular Expression"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-27T18:41:45.405Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6038", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.163Z", "dateReserved": "2024-06-15T08:15:24.324Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-27T18:41:45.405Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio de expresi\u00f3n regular (ReDoS) en la \u00faltima versi\u00f3n de gaizhenbiao/chuanhuchatgpt. La vulnerabilidad se encuentra en la funci\u00f3n filter_history dentro del m\u00f3dulo utils.py. Esta funci\u00f3n toma una palabra clave proporcionada por el usuario e intenta compararla con los nombres de archivos del historial de chat mediante una b\u00fasqueda de expresi\u00f3n regular. Debido a la falta de sanitizaci\u00f3n o validaci\u00f3n del par\u00e1metro de palabra clave, un atacante puede inyectar una expresi\u00f3n regular especialmente manipulada, lo que lleva a una condici\u00f3n de denegaci\u00f3n de servicio. Esto puede provocar una degradaci\u00f3n grave del rendimiento del servicio y una posible indisponibilidad del sistema."}], "id": "CVE-2024-6038", "lastModified": "2024-06-27T19:25:12.067", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-06-27T19:15:19.040", "references": [{"source": "security@huntr.dev", "url": "https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-625"}], "source": "security@huntr.dev", "type": "Primary"}]}