CVE-2021-27293

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.
References
Link Resource
https://github.com/restsharp/RestSharp/issues/1556 Exploit Patch Third Party Advisory
https://restsharp.dev/ Product
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7:*:*:*:*:*:*

History

09 Sep 2021, 12:43

Type Values Removed Values Added
CPE cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.11:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.10:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.7:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.3:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.4:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.2:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.6:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.12:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12:*:*:*:*:*:*

14 Jul 2021, 19:25

Type Values Removed Values Added
CWE CWE-697
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CPE cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.7:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.10:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.12:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.2:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.4:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.6:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.3:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*
cpe:2.3:a:restsharp:restsharp:106.11.8:alpha.0.11:*:*:*:*:*:*
References (MISC) https://restsharp.dev/ - (MISC) https://restsharp.dev/ - Product
References (MISC) https://github.com/restsharp/RestSharp/issues/1556 - (MISC) https://github.com/restsharp/RestSharp/issues/1556 - Exploit, Patch, Third Party Advisory

12 Jul 2021, 11:45

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-12 11:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-27293

Mitre link : CVE-2021-27293

CVE.ORG link : CVE-2021-27293


JSON object : View

Products Affected

restsharp

  • restsharp
CWE
CWE-697

Incorrect Comparison