CVE-2023-26116
Regular Expression Denial of Service vulnerability in angular
What is CVE-2023-26116 About?
This vulnerability is a Regular Expression Denial of Service (ReDoS) found in the angular.copy() utility function due to an insecure regular expression. It allows attackers to trigger catastrophic backtracking with a large, carefully crafted input, potentially leading to a denial of service. Exploitation is relatively easy given a vulnerable regex and reachable input.
Affected Software
Technical Details
The vulnerability resides in the angular.copy() utility function within the 'angular' package, where an insecure regular expression is utilized. When this function processes a specially crafted, large input string, the regular expression engine enters a state of 'catastrophic backtracking.' This occurs when the regex engine attempts to match a pattern with multiple ways to match the same substring, leading to an exponential increase in processing time. A malicious input can cause the regex engine to consume excessive CPU resources and time, effectively leading to a denial of service for the application or system using the vulnerable function.
What is the Impact of CVE-2023-26116?
Successful exploitation may allow attackers to degrade system performance, cause application unresponsiveness, or lead to a complete denial of service, making the affected application unavailable to legitimate users.
What is the Exploitability of CVE-2023-26116?
Exploitation of this ReDoS vulnerability involves crafting a specific input that triggers catastrophic backtracking in the vulnerable regular expression. The complexity is moderate, requiring knowledge of regular expression engines and the ability to construct a Denial of Service payload. No authentication or special privileges are required, making it a remote exploitation vector if the input can be controlled by an attacker. The primary risk factor is the application's exposure to untrusted user input that is processed by the affected angular.copy() function.
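Because the risk factor above is untrusted input reaching angular.copy(), one mitigation is to bound that input before it is copied. The sketch below is an added example, not AngularJS code or code from this advisory; the limits and the names findOversizedInput and guardedCopy are assumptions chosen for illustration.

```javascript
// Added example, not AngularJS code. MAX_TEXT, MAX_DEPTH and both function
// names are assumptions for illustration; tune the limits per application.
const MAX_TEXT = 2048; // longest string, key or pattern text accepted
const MAX_DEPTH = 32;  // deepest nesting accepted

// Walk an untrusted value and return one finding per oversized element,
// each naming the path of a value that should not reach angular.copy().
function findOversizedInput(value, maxText = MAX_TEXT, maxDepth = MAX_DEPTH) {
  const findings = [];
  const seen = new WeakSet(); // guards against cyclic references
  const stack = [{ v: value, path: '$', depth: 0 }];
  while (stack.length > 0) {
    const { v, path, depth } = stack.pop();
    if (typeof v === 'string') {
      if (v.length > maxText) findings.push({ path, reason: 'string', length: v.length });
      continue;
    }
    if (v === null || typeof v !== 'object' || seen.has(v)) continue;
    seen.add(v);
    if (v instanceof RegExp) { // pattern text is string input as well
      if (v.source.length > maxText) findings.push({ path, reason: 'regexp', length: v.source.length });
      continue;
    }
    if (depth >= maxDepth) {
      findings.push({ path, reason: 'depth', length: depth });
      continue;
    }
    for (const key of Object.keys(v)) {
      if (key.length > maxText) findings.push({ path, reason: 'key', length: key.length });
      const child = Array.isArray(v) ? `${path}[${key}]` : `${path}.${key}`;
      stack.push({ v: v[key], path: child, depth: depth + 1 });
    }
  }
  return findings;
}

// Call copyFn (angular.copy in a real application) only after the input has
// passed the size check; otherwise refuse with an error naming the offender.
function guardedCopy(copyFn, value, maxText = MAX_TEXT) {
  const f = findOversizedInput(value, maxText)[0];
  if (f) throw new RangeError(`refusing to copy: ${f.reason} at ${f.path} has length ${f.length}`);
  return copyFn(value);
}

// Constructed sample input (not taken from the advisory).
const sample = { name: 'ok', tags: ['a', 'x'.repeat(5000)], nested: { note: 'fine' } };
console.log(findOversizedInput(sample));
```

A length cap reduces the time a backtracking regex can consume but does not remove the flaw, so treat it as a stopgap alongside logging of rejected inputs.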
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-26116?
Available Upgrade Options
- No fixes available
Additional Resources
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
- https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
What are Similar Vulnerabilities to CVE-2023-26116?
Similar Vulnerabilities: CVE-2022-40897, CVE-2021-4202, CVE-2020-15167, CVE-2021-3807, CVE-2021-32640
