RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "106.11.8-alpha0\\.10"
},
{
"last_affected": "106.11.8-alpha0\\.10"
},
{
"introduced": "106.11.8-alpha0\\.11"
},
{
"last_affected": "106.11.8-alpha0\\.11"
},
{
"introduced": "106.11.8-alpha0\\.12"
},
{
"last_affected": "106.11.8-alpha0\\.12"
},
{
"introduced": "106.11.8-alpha0\\.2"
},
{
"last_affected": "106.11.8-alpha0\\.2"
},
{
"introduced": "106.11.8-alpha0\\.3"
},
{
"last_affected": "106.11.8-alpha0\\.3"
},
{
"introduced": "106.11.8-alpha0\\.4"
},
{
"last_affected": "106.11.8-alpha0\\.4"
},
{
"introduced": "106.11.8-alpha0\\.6"
},
{
"last_affected": "106.11.8-alpha0\\.6"
},
{
"introduced": "106.11.8-alpha0\\.7"
},
{
"last_affected": "106.11.8-alpha0\\.7"
}
],
"source": "CPE_STRING",
"vendor_product": "restsharp:restsharp",
"cpes": [
"cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10:*:*:*:*:*:*",
"cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11:*:*:*:*:*:*",
"cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12:*:*:*:*:*:*",
"cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2:*:*:*:*:*:*",
"cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3:*:*:*:*:*:*",
"cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4:*:*:*:*:*:*",
"cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6:*:*:*:*:*:*",
"cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7:*:*:*:*:*:*"
]
}
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "106.11.7"
}
]
}