CVE-2022-34428

Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.

Weakness

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Affected Software

Name	Vendor	Start Version	End Version
Hybrid_client	Dell	1.5 (including)	1.5 (including)
Hybrid_client	Dell	1.6 (including)	1.6 (including)
Hybrid_client	Dell	1.6.1 (including)	1.6.1 (including)
Hybrid_client	Dell	1.6.2 (including)	1.6.2 (including)

Extended Description

	  Attackers can create crafted inputs that
	  intentionally cause the regular expression to use
	  excessive backtracking in a way that causes the CPU
	  consumption to spike.

Potential Mitigations

https://cwe.mitre.org/data/definitions/492.html

References

https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-34428
CWE	https://cwe.mitre.org/data/definitions/1333.html

Inefficient Regular Expression Complexity

Weakness

Affected Software

Extended Description

Potential Mitigations

Related Attack Patterns

References