PT-2023-12826 · Unknown+5 · Http-Cache-Semantics+5

Carter Snook

·

Published

2023-01-31

·

Updated

2026-05-18

·

CVE-2022-25881

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions http-cache-semantics versions prior to 4.1.1
Description The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. This leads to a Denial of Service due to an Inefficient Regular Expression Complexity.
Recommendations For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the library until a patch is applied. Avoid using the library to read cache policies from requests with potentially malicious header values until the issue is resolved.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333

Related Identifiers

ALSA-2023:1582
ALSA-2023:1583
ALSA-2023:1743
ALSA-2023:2654
ALSA-2023:2655
AZL-13173
AZL-43768
AZL-44958
CESA-2023_1582
CESA-2023_1583
CESA-2023_1743
CLEANSTART-2026-AD27625
CLEANSTART-2026-TZ34913
CVE-2022-25881
GHSA-RC47-6667-2J5J
OESA-2023-1551
OPENSUSE-SU-2024:12870-1
RHSA-2023:1533
RHSA-2023:1582
RHSA-2023:1583
RHSA-2023:1742
RHSA-2023:1743
RHSA-2023:1744
RHSA-2023:2654
RHSA-2023:2655
RHSA-2023:5533
RHSA-2023_1582
RHSA-2023_1583
RHSA-2023_1743
RHSA-2023_2654
RHSA-2023_2655
RLSA-2023:1582
RLSA-2023:1583
RLSA-2023:1743
RLSA-2023:2655
SUSE-SU-2023:1871-1
SUSE-SU-2023:1872-1
SUSE-SU-2023:1875-1
SUSE-SU-2023:1876-1
SUSE-SU-2023:1923-1
SUSE-SU-2023:1924-1
SUSE-SU-2023:1942-1
SUSE-SU-2023:2662-1
SUSE-SU-2023:2669-1
SUSE-SU-2023_1871-1
SUSE-SU-2023_1872-1
SUSE-SU-2023_1875-1
SUSE-SU-2023_1876-1
SUSE-SU-2023_1923-1
SUSE-SU-2023_1924-1
SUSE-SU-2023_1942-1
SUSE-SU-2023_2662-1
SUSE-SU-2023_2669-1

Affected Products

Almalinux
Centos
Red Hat
Rocky Linux
Suse
Http-Cache-Semantics