PT-2021-3195 · Ssri+5

Aveek Biswas · Published 2021-03-12 · Updated 2024-06-15 · CVE-2021-27290

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: ssri versions 5.2.2 through 8.0.0

Description: ssri parses Subresource Integrity (SRI) strings with a regular expression that is vulnerable to regular expression denial of service (ReDoS). A maliciously crafted SRI string can take an extremely long time to process, exhausting CPU and causing a denial of service. Only consumers that parse SRIs with the strict option enabled are affected.

Recommendations: For versions 5.2.2 through 8.0.0, update to version 8.0.1, which resolves the issue. As a temporary workaround, consider disabling the strict option until the fix is applied. Restrict the use of SRIs from untrusted sources to minimize the risk of exploitation.

Weakness Enumeration

Resource Exhaustion

Related Identifiers

ALSA-2021:3073
ALSA-2021:3074
BDU:2021-02890
CESA-2021_3073
CESA-2021_3074
CVE-2021-27290
GHSA-VX3P-948G-6VHQ
MGASA-2021-0372
OESA-2022-1620
OPENSUSE-SU-2021:1059-1
OPENSUSE-SU-2021:1060-1
OPENSUSE-SU-2021:1061-1
OPENSUSE-SU-2021:1113-1
OPENSUSE-SU-2021:2327-1
OPENSUSE-SU-2021:2353-1
OPENSUSE-SU-2021:2354-1
OPENSUSE-SU-2021:2618-1
OPENSUSE-SU-2021_1059-1
OPENSUSE-SU-2021_1060-1
OPENSUSE-SU-2021_1061-1
OPENSUSE-SU-2021_1113-1
OPENSUSE-SU-2021_2327-1
OPENSUSE-SU-2021_2353-1
OPENSUSE-SU-2021_2354-1
OPENSUSE-SU-2021_2618-1
OPENSUSE-SU-2024:11096-1
RHSA-2021:2931
RHSA-2021:2932
RHSA-2021:3073
RHSA-2021:3074
RHSA-2021:3638
RHSA-2021:3639
RHSA-2021_3073
RHSA-2021_3074
RLSA-2021:3073
RLSA-2021:3074
SUSE-SU-2021:2319-1
SUSE-SU-2021:2323-1
SUSE-SU-2021:2326-1
SUSE-SU-2021:2327-1
SUSE-SU-2021:2353-1
SUSE-SU-2021:2354-1
SUSE-SU-2021:2618-1
SUSE-SU-2021:2620-1

Affected Products

Almalinux
Centos
Red Hat
Rocky Linux
Suse
Ssri