CVE-2024-3114: GitLab Regular Expression Denial of Service Attack Affecting Multiple Versions

A severe issue has been discovered in GitLab CE/EE that affects multiple versions of the software. This vulnerability is registered as CVE-2024-3114 and can potentially lead to a regular expression Denial of Service (ReDoS) attack on the affected server. This post will cover the details of the vulnerability, the affected versions, and provide exploit details along with code snippets.

Vulnerability Details

The issue, specific to CVE-2024-3114, has been identified in the processing logic of GitLab CE/EE while parsing invalid commits. When GitLab processes these commits, it becomes vulnerable to a ReDoS attack, causing the server to consume excessive amounts of resources, leading to slow performance or complete unresponsiveness.

Versions 17.2 prior to 17.2.2

If you are running any of these versions, it is crucial to take immediate action to protect your server and the data stored within.

Exploit Details

The exploit occurs when GitLab processes an invalid commit message containing a maliciously crafted regular expression. This results in the server becoming overwhelmed, causing a significant decrease in performance or ultimately crashing the server, rendering it unresponsive.

A sample code snippet demonstrating this vulnerability can be found below

# malicious_commit_message.rb
commit_message = <<~MESSAGE
  Update README.md
  - Added new section " #{'A' * 500} " 
MESSAGE

Here, the commit_message contains a long string of characters within the section name that will eventually lead to the ReDoS exploit when parsed by the affected GitLab versions.

For more information and to stay updated on CVE-2024-3114, be sure to visit the following links

- GitLab Security Advisory
- CVE-2024-3114 National Vulnerability Database

Conclusion and Mitigation

It is crucial to protect your GitLab server from potential CVE-2024-3114 exploits by updating the server to the latest version or applying the necessary patches. GitLab has released several patches, specifically 17..6, 17.1.4, and 17.2.2, to address this vulnerability. If you are running an affected version, it is highly recommended that you update and patch your server immediately.

As always, in order to protect your data and servers from potential threats, make sure to run up-to-date software and follow the best security practices. Keep yourself informed about the latest vulnerabilities and updates and stay proactive in securing your infrastructure.

Timeline

Published on: 08/08/2024 11:15:12 UTC
Last modified on: 08/08/2024 13:04:18 UTC