{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-26116","title":"Title"},{"category":"description","text":"Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-26116","url":"https://www.suse.com/security/cve/CVE-2023-26116"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1209939 for CVE-2023-26116","url":"https://bugzilla.suse.com/1209939"}],"title":"SUSE CVE CVE-2023-26116","tracking":{"current_release_date":"2025-04-25T02:40:15Z","generator":{"date":"2023-03-31T01:57:12Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-26116","initial_release_date":"2023-03-31T01:57:12Z","revision_history":[{"date":"2023-03-31T01:57:12Z","number":"2","summary":"Current version"},{"date":"2025-01-01T02:12:30Z","number":"3","summary":"Current version"},{"date":"2025-02-14T06:34:58Z","number":"4","summary":"Current version"},{"date":"2025-02-16T06:27:41Z","number":"5","summary":"Current version"},{"date":"2025-03-15T06:25:36Z","number":"6","summary":"Current version"},{"date":"2025-04-25T02:40:15Z","number":"7","summary":"Current version"}],"status":"interim","version":"7"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.1","product":{"name":"SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-microos:5.1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.2","product":{"name":"SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-microos:5.2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.3","product":{"name":"SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-micro:5.3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.4","product":{"name":"SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4","product_identification_helper":{"cpe":"cpe:/o:suse:sle-micro:5.4"}}},{"category":"product_version","name":"cockpit","product":{"name":"cockpit","product_id":"cockpit","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cockpit@?upstream=cockpit.src.rpm"}}},{"category":"product_version","name":"cockpit-bridge","product":{"name":"cockpit-bridge","product_id":"cockpit-bridge","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cockpit-bridge@?upstream=cockpit.src.rpm"}}},{"category":"product_version","name":"cockpit-dashboard","product":{"name":"cockpit-dashboard","product_id":"cockpit-dashboard","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cockpit-dashboard@?upstream=cockpit.src.rpm"}}},{"category":"product_version","name":"cockpit-machines","product":{"name":"cockpit-machines","product_id":"cockpit-machines","product_identification_helper":{"purl":"pkg:rpm/suse/cockpit-machines@?upstream=cockpit-machines.src.rpm"}}},{"category":"product_version","name":"cockpit-networkmanager","product":{"name":"cockpit-networkmanager","product_id":"cockpit-networkmanager","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cockpit-networkmanager@?upstream=cockpit.src.rpm"}}},{"category":"product_version","name":"cockpit-selinux","product":{"name":"cockpit-selinux","product_id":"cockpit-selinux","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cockpit-selinux@?upstream=cockpit.src.rpm"}}},{"category":"product_version","name":"cockpit-storaged","product":{"name":"cockpit-storaged","product_id":"cockpit-storaged","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cockpit-storaged@?upstream=cockpit.src.rpm"}}},{"category":"product_version","name":"cockpit-system","product":{"name":"cockpit-system","product_id":"cockpit-system","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cockpit-system@?upstream=cockpit.src.rpm"}}},{"category":"product_version","name":"cockpit-ws","product":{"name":"cockpit-ws","product_id":"cockpit-ws","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cockpit-ws@?upstream=cockpit.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit-dashboard as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit-dashboard"},"product_reference":"cockpit-dashboard","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit-machines as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit-machines"},"product_reference":"cockpit-machines","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-networkmanager as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-networkmanager"},"product_reference":"cockpit-networkmanager","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-selinux as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-selinux"},"product_reference":"cockpit-selinux","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-storaged as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-storaged"},"product_reference":"cockpit-storaged","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-machines as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-machines"},"product_reference":"cockpit-machines","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-networkmanager as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-networkmanager"},"product_reference":"cockpit-networkmanager","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-selinux as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-selinux"},"product_reference":"cockpit-selinux","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-storaged as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-storaged"},"product_reference":"cockpit-storaged","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-machines as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-machines"},"product_reference":"cockpit-machines","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"}]},"vulnerabilities":[{"cve":"CVE-2023-26116","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-26116"}],"notes":[{"category":"general","text":"Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Micro 5.1:cockpit","SUSE Linux Enterprise Micro 5.1:cockpit-bridge","SUSE Linux Enterprise Micro 5.1:cockpit-dashboard","SUSE Linux Enterprise Micro 5.1:cockpit-system","SUSE Linux Enterprise Micro 5.1:cockpit-ws","SUSE Linux Enterprise Micro 5.2:cockpit","SUSE Linux Enterprise Micro 5.2:cockpit-bridge","SUSE Linux Enterprise Micro 5.2:cockpit-machines","SUSE Linux Enterprise Micro 5.2:cockpit-system","SUSE Linux Enterprise Micro 5.2:cockpit-ws","SUSE Linux Enterprise Micro 5.3:cockpit","SUSE Linux Enterprise Micro 5.3:cockpit-bridge","SUSE Linux Enterprise Micro 5.3:cockpit-machines","SUSE Linux Enterprise Micro 5.3:cockpit-networkmanager","SUSE Linux Enterprise Micro 5.3:cockpit-selinux","SUSE Linux Enterprise Micro 5.3:cockpit-storaged","SUSE Linux Enterprise Micro 5.3:cockpit-system","SUSE Linux Enterprise Micro 5.3:cockpit-ws","SUSE Linux Enterprise Micro 5.4:cockpit","SUSE Linux Enterprise Micro 5.4:cockpit-bridge","SUSE Linux Enterprise Micro 5.4:cockpit-machines","SUSE Linux Enterprise Micro 5.4:cockpit-networkmanager","SUSE Linux Enterprise Micro 5.4:cockpit-selinux","SUSE Linux Enterprise Micro 5.4:cockpit-storaged","SUSE Linux Enterprise Micro 5.4:cockpit-system","SUSE Linux Enterprise Micro 5.4:cockpit-ws"]},"references":[{"category":"external","summary":"CVE-2023-26116","url":"https://www.suse.com/security/cve/CVE-2023-26116"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1209939 for CVE-2023-26116","url":"https://bugzilla.suse.com/1209939"}],"threats":[{"category":"impact","date":"2023-03-30T06:00:17Z","details":"moderate"}],"title":"CVE-2023-26116"}]}