Regular expression denial of service vulnerability of WEBrick’s Digest authentication module was found. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service.
Created ruby tracking bugs for this issue:
Affects: fedora-all [bug 1773729]
Upstream patch for this issue:
Author: Nobuyoshi Nakada <email@example.com>
Date: Tue Aug 13 12:14:28 2019 +0900
Loop with String#scan without creating substrings
Create the substrings necessary parts only, instead of cutting the
rest of the buffer. Also removed a useless, probable typo, regexp.
There's an issue with HTTPAuth when using AuthDigest mode in Ruby and webricks. When using DigestAuth HTTP authentication method, ruby uses a regular expression to split the session parameters in split_param_value() function. There's a flaw on the regular expression mentioned earlier which an attacker may leverage by sending a crafted message header which leads the regular expression to a heavily CPU consuming backtracking resulting in DoS.