SB2020081702 - Multiple vulnerabilities in Nim
Published: August 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2020-15694)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of server responses in the standard library httpClient. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or force the application to perform unexpected actions as demonstrated by the httpClient.get().contentLength() that does not raise any error if a malicious server provides a negative Content-Length.
2) OS Command Injection (CVE-ID: CVE-2020-15692)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation passed as argument to browsers.openDefaultBrowser method. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) CRLF injection (CVE-ID: CVE-2020-15693)
The vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data when processing URL in the standard library httpClient. A remote attacker can pass a specially crafted URL to the application and changes values of headers via CR-LF characters when processed with httpClient.get or httpClient.post methods.
Remediation
Install update from vendor's website.
References
- https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/httpclient.nim#L241
- https://nim-lang.org/blog/2020/07/30/versions-126-and-108-released.html
- https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/browsers.nim#L48
- https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/httpclient.nim#L1023