CVE-2023-26116 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-26116 Interim 1 2 2023-05-22T23:16:48Z current 2023-03-30T23:17:01Z 2023-05-22T23:16:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 cockpit cockpit-bridge cockpit-dashboard cockpit-machines cockpit-networkmanager cockpit-selinux cockpit-storaged cockpit-system cockpit-ws cockpit as a component of SUSE Linux Enterprise Micro 5.1 cockpit-bridge as a component of SUSE Linux Enterprise Micro 5.1 cockpit-dashboard as a component of SUSE Linux Enterprise Micro 5.1 cockpit-system as a component of SUSE Linux Enterprise Micro 5.1 cockpit-ws as a component of SUSE Linux Enterprise Micro 5.1 cockpit as a component of SUSE Linux Enterprise Micro 5.2 cockpit-bridge as a component of SUSE Linux Enterprise Micro 5.2 cockpit-system as a component of SUSE Linux Enterprise Micro 5.2 cockpit-ws as a component of SUSE Linux Enterprise Micro 5.2 cockpit-machines as a component of SUSE Linux Enterprise Micro 5.2 cockpit as a component of SUSE Linux Enterprise Micro 5.3 cockpit-bridge as a component of SUSE Linux Enterprise Micro 5.3 cockpit-networkmanager as a component of SUSE Linux Enterprise Micro 5.3 cockpit-selinux as a component of SUSE Linux Enterprise Micro 5.3 cockpit-storaged as a component of SUSE Linux Enterprise Micro 5.3 cockpit-system as a component of SUSE Linux Enterprise Micro 5.3 cockpit-ws as a component of SUSE Linux Enterprise Micro 5.3 cockpit-machines as a component of SUSE Linux Enterprise Micro 5.3 cockpit as a component of SUSE Linux Enterprise Micro 5.4 cockpit-bridge as a component of SUSE Linux Enterprise Micro 5.4 cockpit-networkmanager as a component of SUSE Linux Enterprise Micro 5.4 cockpit-selinux as a component of SUSE Linux Enterprise Micro 5.4 cockpit-storaged as a component of SUSE Linux Enterprise Micro 5.4 cockpit-system as a component of SUSE Linux Enterprise Micro 5.4 cockpit-ws as a component of SUSE Linux Enterprise Micro 5.4 cockpit-machines as a component of SUSE Linux Enterprise Micro 5.4 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. CVE-2023-26116 SUSE Linux Enterprise Micro 5.1:cockpit SUSE Linux Enterprise Micro 5.1:cockpit-bridge SUSE Linux Enterprise Micro 5.1:cockpit-dashboard SUSE Linux Enterprise Micro 5.1:cockpit-system SUSE Linux Enterprise Micro 5.1:cockpit-ws SUSE Linux Enterprise Micro 5.2:cockpit SUSE Linux Enterprise Micro 5.2:cockpit-bridge SUSE Linux Enterprise Micro 5.2:cockpit-machines SUSE Linux Enterprise Micro 5.2:cockpit-system SUSE Linux Enterprise Micro 5.2:cockpit-ws SUSE Linux Enterprise Micro 5.3:cockpit SUSE Linux Enterprise Micro 5.3:cockpit-bridge SUSE Linux Enterprise Micro 5.3:cockpit-machines SUSE Linux Enterprise Micro 5.3:cockpit-networkmanager SUSE Linux Enterprise Micro 5.3:cockpit-selinux SUSE Linux Enterprise Micro 5.3:cockpit-storaged SUSE Linux Enterprise Micro 5.3:cockpit-system SUSE Linux Enterprise Micro 5.3:cockpit-ws SUSE Linux Enterprise Micro 5.4:cockpit SUSE Linux Enterprise Micro 5.4:cockpit-bridge SUSE Linux Enterprise Micro 5.4:cockpit-machines SUSE Linux Enterprise Micro 5.4:cockpit-networkmanager SUSE Linux Enterprise Micro 5.4:cockpit-selinux SUSE Linux Enterprise Micro 5.4:cockpit-storaged SUSE Linux Enterprise Micro 5.4:cockpit-system SUSE Linux Enterprise Micro 5.4:cockpit-ws moderate 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L