Welcome Guest, Not a member yet? Register   Sign In
Server Overload Risk Vulnerability Fixes
(This post was last modified: 05-25-2024, 12:07 AM by Dialedin.)

We've identified and patched a vulnerability in the "Server Overload Risk Fixes" of CodeIgniter 2.6 that could potentially lead to Denial of Service (DoS) attacks. This vulnerability allows an attacker to consume a large amount of memory on the server.

Vulnerability Details: Fix Description:
We've developed a fix for this vulnerability that involves modifying two core files: Router.php 
and URI.php. The fix ensures that regular expressions used in routing and URI validation are properly anchored to prevent malicious exploitation.


diff --git a/system/core/Router.php b/system/core/Router.php
index b39dc16..d1c8b50 100755
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -379,12 +379,12 @@ class CI_Router {
            $key = str_replace(':any', '.+', str_replace(':num', '[0-9]+', $key));

            // Does the RegEx match?
-            if (preg_match('#^'.$key.'$#', $uri))
+            if (preg_match('#\A'.$key.'\z#u', $uri))
                // Do we have a back-reference?
                if (strpos($val, '$') !== FALSE AND strpos($key, '(') !== FALSE)
-                    $val = preg_replace('#^'.$key.'$#', $val, $uri);
+                    $val = preg_replace('#\A'.$key.'\z#u', $val, $uri);

                return $this->_set_request(explode('/', $val));
diff --git a/system/core/URI.php b/system/core/URI.php
index a66cd71..cf38e17 100755
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -255,7 +255,7 @@ class CI_URI {
            // preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards
            // compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern
-            if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str))
+            if ( ! preg_match("/\A[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+\z/iu", $str))
                show_error('The URI you submitted has disallowed characters.', 400);

Thank you for your attention to this matter and your continued support of CodeIgniter.

Best regards.

It seems you just changed "^...$" to "\A...\z" and added `u` option.
Could you elaborate about the DoS attacks?

(This post was last modified: 05-26-2024, 03:58 AM by Bosborne.)

How do you expect us to believe you are concerned about vulnerabilities when you run code that is so outdated & vulnerable? Why spend time painting the walls while the house is burning??

You are probably running a very vulnerable PHP version too. I doubt CI 2.6 will run on PHP 8.2 or 8.3.

The fix is to upgrade to CI4 & PHP 8.

Theme © iAndrew 2016 - Forum software by © MyBB