Bug 2216827 (CVE-2023-26115)
Summary: | CVE-2023-26115 word-wrap: ReDoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Anten Skrabec <askrabec> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aazores, adupliak, aileenc, alampare, alazarot, amctagga, ansmith, aveerama, bdettelb, boliveir, caswilli, chazlett, cluster-maint, dcadzow, dffrench, dfreiber, dhalasz, dhanak, dkenigsb, dkuc, drichtar, dymurray, eaguilar, ebaron, ellin, emingora, eric.wittmann, fdeutsch, fdupont, fjansen, gjospin, gmalinko, gparvin, grafana-maint, gzaronik, hbraun, hkataria, ibek, ibolton, idevat, janstey, jburrell, jcantril, jkang, jkoehler, jkurik, jmatthew, jmitchel, jmontleo, jpallich, jpavlik, jrokos, jross, jscotka, jshaughn, jtanner, jwendell, kaycoth, kshier, kverlaen, lbacciot, mcressma, micjohns, mlisik, mnovotny, mpitt, mpospisi, mresvani, nathans, nbecker, nboldt, ngough, njean, ocs-bugs, omular, oramraz, owatkins, pahickey, pantinor, pdelbell, pdrozd, peholase, periklis, pjindal, psegedy, pskopek, rcernich, release-test-team-automation, rgarg, rgodfrey, rguimara, rjohnson, rogbas, rowaters, saroy, scorneli, scox, sfroberg, sgott, shbose, slucidi, smullick, sseago, stcannon, sthirugn, sthorger, tcarlin, teagle, tkasparek, tojeline, tsasak, twalsh, ubhargav, vkrizan, vkumar, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | word-wrap 1.2.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Node.js word-wrap module: a regular expression denial of service (ReDoS) issue in the result variable makes the module vulnerable to denial of service. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-07-12 22:21:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2216844, 2216894, 2216831, 2216832, 2216833, 2216834, 2216835, 2216836, 2216837, 2216838, 2216839, 2216840, 2216841, 2216842, 2216895, 2216896, 2217094 | ||
Bug Blocks: | 2216830 |
Description
Anten Skrabec
2023-06-22 19:29:55 UTC
Created golang-github-prometheus tracking bugs for this issue:
Affects: epel-all [bug 2216894]

Created magicmirror tracking bugs for this issue:
Affects: fedora-all [bug 2216895]

Created pcs tracking bugs for this issue:
Affects: fedora-all [bug 2216896]

This issue has been addressed in the following products:
RHOL-5.7-RHEL-8
Via RHSA-2023:3998 https://access.redhat.com/errata/RHSA-2023:3998

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2023-26115

This issue has been addressed in the following products:
RHODF-4.13-RHEL-9
Via RHSA-2023:5376 https://access.redhat.com/errata/RHSA-2023:5376

This issue has been addressed in the following products:
NETWORK-OBSERVABILITY-1.4.0-RHEL-9
Via RHSA-2023:5379 https://access.redhat.com/errata/RHSA-2023:5379

This issue has been addressed in the following products:
Red Hat Migration Toolkit for Containers 1.8
Via RHSA-2023:5447 https://access.redhat.com/errata/RHSA-2023:5447

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.14
Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.14
Via RHSA-2023:7681 https://access.redhat.com/errata/RHSA-2023:7681