PHP : DOS attack via regular expressions possible

The regexp used is from an unreliable source, which can be computationally intensive for some inputs. Regular expression denial of service (ReDOS) attack is possible.

Regular expressions are widely used in applications to validate the user-supplied data. Expressions containing structures like (( )+)+ cause execution of a significant amount of iterations. By inputting a certain type of string an attacker can disrupt the application operation. All implementations of regular expressions have such vulnerabilities.