Regular expression denial of service vulnerability of WEBrick’s Digest authentication module was found. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service. Reference: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
Created ruby tracking bugs for this issue: Affects: fedora-all [bug 1773729]
External References: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
Upstream patch for this issue: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03 commit 36e057e26ef2104bc2349799d6c52d22bb1c7d03 Author: Nobuyoshi Nakada <nobu> Date: Tue Aug 13 12:14:28 2019 +0900 Loop with String#scan without creating substrings Create the substrings necessary parts only, instead of cutting the rest of the buffer. Also removed a useless, probable typo, regexp.
There's an issue with HTTPAuth when using AuthDigest mode in Ruby and webricks. When using DigestAuth HTTP authentication method, ruby uses a regular expression to split the session parameters in split_param_value() function. There's a flaw on the regular expression mentioned earlier which an attacker may leverage by sending a crafted message header which leads the regular expression to a heavily CPU consuming backtracking resulting in DoS.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:2104 https://access.redhat.com/errata/RHSA-2021:2104
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-16201
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:2230 https://access.redhat.com/errata/RHSA-2021:2230
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2587 https://access.redhat.com/errata/RHSA-2021:2587
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2588 https://access.redhat.com/errata/RHSA-2021:2588
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0581 https://access.redhat.com/errata/RHSA-2022:0581
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0582 https://access.redhat.com/errata/RHSA-2022:0582