A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
https://cwe.mitre.org/data/definitions/1333.html

An adversary may attack a program that uses a poorly constructed Regular Expression (Regex) by choosing input that drives the Regex into its worst case. A typical worst case runs in time exponential in the input size. This happens because most implementations compile the Regex into a Nondeterministic Finite Automaton (NFA) and evaluate it by backtracking, which supports more expressive patterns at the cost of potentially exploring every way the input can be split among the pattern's quantifiers.
https://capec.mitre.org/data/definitions/492.html

| Product | Vendor | Status |
|---|---|---|
| puppet | | Tracked |
| puppetserver | | Tracked |
| puppet_enterprise | * | Tracked |
| puppet_server | * | Tracked |
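The CWE-1333 and CAPEC-492 text above describes the mechanism (nested unbounded quantifiers evaluated by a backtracking NFA) without showing how a defender checks a pattern for it. The following is an added example, not code from this advisory or from the Puppet project, and the sample patterns in it are constructed for illustration; the actual certificate-name regex from Puppet Server 7.9.2 is not given on this page and is not reproduced here. It uses CPython's own regex parser (`re._parser` on 3.11+, `sre_parse` before that) to lint a pattern for the classic ReDoS shape, an unbounded repeat nested inside another unbounded repeat, and includes a timing probe to observe growth against input length.

```python
import re
import time

# Python 3.11+ moved the regex parser to private modules; older versions expose it as sre_parse.
try:
    from re import _parser as sre_parse, _constants as sre_constants
except ImportError:
    import sre_parse
    import sre_constants

REPEAT_OPS = (sre_constants.MAX_REPEAT, sre_constants.MIN_REPEAT)


def _repeat_depths(subpattern, depth=0):
    """Yield the nesting depth of every repeat in a parse tree.

    Only unbounded repeats (+, *, {n,}) increase the depth; bounded ones such as
    {1,3} or ? inherit the depth of their enclosing repeat.
    """
    for op, av in subpattern:
        if op in REPEAT_OPS:
            _lo, hi, item = av
            here = depth + 1 if hi == sre_constants.MAXREPEAT else depth
            yield here
            yield from _repeat_depths(item, here)
        elif op == sre_constants.SUBPATTERN:
            # av is (group, add_flags, del_flags, body); the body is always last
            yield from _repeat_depths(av[-1], depth)
        elif op == sre_constants.BRANCH:
            for branch in av[1]:
                yield from _repeat_depths(branch, depth)


def nested_unbounded_depth(pattern):
    """Deepest nesting of unbounded repeats; 2 or more is the (a+)+ shape that backtracks exponentially."""
    return max(_repeat_depths(sre_parse.parse(pattern)), default=0)


def is_redos_suspect(pattern):
    return nested_unbounded_depth(pattern) >= 2


def match_seconds(pattern, text):
    """Wall-clock time of one match attempt, for probing how cost grows with input length."""
    compiled = re.compile(pattern)
    start = time.perf_counter()
    compiled.match(text)
    return time.perf_counter() - start


# Constructed sample patterns (hypothetical, not from the Puppet code base).
SAMPLE_PATTERNS = {
    "nested plus": r"^(a+)+$",
    "nested plus with optional space": r"^(\w+\s?)*$",
    "single repeat": r"^[a-z0-9.-]+$",
    "bounded repeats only": r"^(\d{1,3}\.){3}\d{1,3}$",
}


if __name__ == "__main__":
    for name, pat in SAMPLE_PATTERNS.items():
        print(f"{name:32} depth={nested_unbounded_depth(pat)} suspect={is_redos_suspect(pat)}")
    # A non-matching tail forces the engine to try every way of splitting the a's
    # between the two quantifiers before it can report failure; cost roughly doubles per extra 'a'.
    for n in (12, 14, 16):
        print(f"n={n}: {match_seconds(r'^(a+)+$', 'a' * n + '!'):.4f}s")
```

The lint only recognises the nested-quantifier shape; overlapping alternation such as `(a|aa)+` backtracks just as badly and is only caught by the timing probe, so run both on any regex that is applied to attacker-controlled strings like certificate names. Where a suspect pattern cannot be rewritten with a single bounded or anchored repeat, a linear-time engine (RE2-style) or, on Python 3.11+, possessive quantifiers and atomic groups remove the backtracking entirely.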