CVE-2018-20164

Published: 13 February 2019

An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)
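A defence-in-depth check for services that cannot yet move to UAP-Core 0.6.0 or later, as an added example that is not code from UAP-Core or from this advisory: it refuses over-long User-Agent values and long digit runs before any parser sees them. The names `check_user_agent` and `parse_guarded`, the two limits, and the sample headers are assumptions constructed for illustration.

```python
import re
from typing import Any, Callable, Dict, Optional

# Assumed limits (not taken from the advisory); tune them to your own traffic.
MAX_UA_LENGTH = 512   # total header length handed to the parser
MAX_DIGIT_RUN = 32    # longest run of consecutive digits accepted

# One quantifier, no nesting or alternation: this scan is linear in input size.
_DIGIT_RUN = re.compile(r"\d+")


def longest_digit_run(value: str) -> int:
    """Length of the longest run of consecutive digits in value."""
    return max((len(m.group()) for m in _DIGIT_RUN.finditer(value)), default=0)


def check_user_agent(ua: Optional[str]) -> Optional[str]:
    """Return None if the header may be parsed, else the reason it is refused."""
    if not ua:
        return "missing"
    if len(ua) > MAX_UA_LENGTH:      # cheap check first, bounds the scan below
        return "too_long"
    if longest_digit_run(ua) > MAX_DIGIT_RUN:
        return "digit_run"
    return None


def parse_guarded(ua: Optional[str], parser: Callable[[str], Any]) -> Dict[str, Any]:
    """Call parser(ua) only when the header passes the checks above."""
    reason = check_user_agent(ua)
    if reason is not None:
        # Log or count the reason; the request is served with an "unknown" UA.
        return {"parsed": None, "skipped": reason}
    return {"parsed": parser(ua), "skipped": None}


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    samples = [
        "Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0",
        "Mozilla/5.0 " + "1" * 40,
        "A" * 600,
    ]
    for ua in samples:
        # str.upper stands in for the real user-agent parser.
        print(len(ua), parse_guarded(ua, str.upper)["skipped"])
```

The guard limits how much work a backtracking pattern can be made to do per request; it does not replace upgrading the regex file.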

Priority

Low

CVSS 3 base score: 5.3

Status

| Package | Release | Status |
| --- | --- | --- |
| uap-core (Launchpad, Ubuntu, Debian) | Upstream | Needed |
| | Ubuntu 20.04 LTS (Focal Fossa) | Not vulnerable (20190213-2) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| | Ubuntu 16.04 ESM (Xenial Xerus) | Does not exist |
| | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |