PT-2024-5511 · Gitlab · Gitlab Ce/Ee+1

Published

2024-08-07

Updated

2024-08-30

CVE-2024-3114

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.10 through 17.0.5 GitLab CE/EE versions 17.1 through 17.1.3 GitLab CE/EE versions 17.2 through 17.2.1

Description An issue was discovered in the processing logic for parsing invalid commits, which can lead to a regular expression Denial of Service (DoS) attack on the server. The vulnerability is related to uncontrolled resource consumption due to the use of regular expressions when handling invalid commits. This can allow a remote attacker to cause a denial of service.

Recommendations For versions 11.10 through 17.0.5, update to version 17.0.6 or later. For versions 17.1 through 17.1.3, update to version 17.1.4 or later. For versions 17.2 through 17.2.1, update to version 17.2.2 or later.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-1333

Related Identifiers

BDU:2024-06160

BIT-GITLAB-2024-3114

CVE-2024-3114

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2024-5511 · Gitlab · Gitlab Ce/Ee+1

CVE-2024-3114

Weakness Enumeration

Related Identifiers

Affected Products

References · 16