---
gem: user_agent_parser
cve: 2020-5243
ghsa: pcqq-5962-hvcw
url: https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw
date: 2020-03-10
title: Denial of Service in uap-core when processing crafted User-Agent strings
description: |-
  ### Impact
  Some regexes are vulnerable to regular expression denial of service (REDoS) due to
  overlapping capture groups. This allows remote attackers to overload a server by
  setting the User-Agent header in an HTTP(S) request to maliciously crafted long
  strings.

  ### Patches
  Please update `uap-ruby` to >= v2.6.0

  ### For more information
  https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p

cvss_v3: 5.7

patched_versions:
  - ">= 2.6.0"

related:
  ghsa:
    - cmcx-xhr8-3w9p