websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.
Created rubygem-websocket-extensions tracking bugs for this issue:
Affects: fedora-all [bug 1845979]
This flaw is also present in the websocket-extensions-node library, which uses an identical parser.
Red Hat CloudForms 4.7 (CFME 5.10) is in the maintenance phase and we will not be fixing Medium/Low impact security bugs. Reference: https://access.redhat.com/support/policy/updates/cloudforms
Red Hat Satellite 6 ships affected RubyGem Websocket-extensions, however, product is not vulnerable to the flaw. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification
This issue has been addressed in the following products:
Red Hat Satellite 6.7 for RHEL 8
Via RHSA-2020:4366 https://access.redhat.com/errata/RHSA-2020:4366
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):