Inefficient Regular Expression Complexity in faisalman/ua-parser-js
Sep 16th 2021
Hello my dear
I found another inefficient regular expression in ua-parser-js that has a polynomial execution time (not exponential but still dangerous).
Proof of Concept
I created two payloads so that you can compare their execution times in the provided Regexr links.
If you get an execution-time error in Regexr, this means that the execution time is greater than 2.5 seconds.
Emailed the maintainers for you, amammad.
Hi, thanks for reporting the issue. I have followed the links that you gave, but I don't see the error in execution time that you mentioned. Can you provide more details regarding this issue? Thanks
Excuse me for my bad explanation.
First open this URL, https://regexr.com/, and use
/^\s+|\s+$/g, which is already in your code.
This is a correct input for this regex that has a low execution time, and you should copy the spaces too:
This is a bad crafted input:
If you compare the execution times of these two payloads, you can find out that the regex is inefficient.
I mentioned the error because if you face an error in Regexr.com, you understand this means the execution time is too much.
I can provide a PoC video; just tell me to do that.
And if there isn't any problem, can I ask you to just validate my report? The report will remain confidential until you submit a patch for it.
OK, I hope you always have secure programming days.
Do you think this solved the original issue?
I tested it and it seems to have a good execution time.
@maintainer - are you able to confirm the fix against the report?
We can then go ahead and publish a CVE on your behalf.
The original fix turns out to be vulnerable as well, which was later fixed in https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
GHSA: GHSA-fhg7-m89q-25r3 CVE: CVE-2022-25927
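Why the trim pattern quoted in the thread scales polynomially, and a single-pass replacement for it. This is an added example, not code from the thread or from ua-parser-js: backtrackSteps is a simplified cost model of a backtracking engine (an assumption, not a measurement), and trimLinear and the sample strings are constructed for illustration.

```javascript
// Added example: function names and sample strings are constructed here,
// not taken from ua-parser-js or from the report's payloads.
const TRIM_RE = /^\s+|\s+$/g;            // pattern quoted in the thread
const isSpace = (ch) => /\s/.test(ch);   // single-character test

// Model (an assumption, not V8 internals) of a backtracking engine trying
// the \s+$ branch at every start offset: consume the whitespace run
// greedily, then give characters back one by one while "$" keeps failing.
function backtrackSteps(str) {
  let steps = 0;
  for (let i = 0; i < str.length; i++) {
    let j = i;
    while (j < str.length && isSpace(str[j])) { j++; steps++; }
    if (j === i) continue;          // \s+ needs at least one character
    if (j === str.length) break;    // "$" matches, search ends
    steps += j - i;                 // failed "$" checks during backtracking
  }
  return steps;
}

// Single-pass replacement: one index from each end, no backtracking.
function trimLinear(str) {
  let start = 0;
  let end = str.length;
  while (start < end && isSpace(str[start])) start++;
  while (end > start && isSpace(str[end - 1])) end--;
  return str.slice(start, end);
}

// Doubling an inner whitespace run roughly quadruples the modelled work,
// while a run at the very end of the string costs one pass.
for (const n of [100, 200, 400]) {
  const inner = " ".repeat(n) + "x";     // run NOT at end of string
  const tail = "x" + " ".repeat(n);      // run at end of string
  console.log(n, backtrackSteps(inner), backtrackSteps(tail));
}
```

String.prototype.trim() strips the same character set as \s and can stand in for trimLinear where the runtime provides it.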