Home / Vulnerability Database / Python : DOS attack via regular expressions possible

Python

Python : DOS attack via regular expressions possible

Classification

CWE

Overview

The regexp used is unreliable, which can be computationally intensive for some inputs. Regular expression denial of service (ReDOS) attack is possible.

Regular expressions are widely used in applications to validate the user-supplied data. Expressions containing structures like (( )+)+ cause execution of a significant amount of iterations. By inputting a certain type of string an attacker can disrupt the application operation. All implementations of regular expressions have such vulnerabilities.

References

OWASP: Regular expression Denial of Service
Runaway Regular Expressions: Catastrophic Backtracking – regular-expressions.info
saferegex – Tool for testing regular expressions for ReDoS vulnerabilities
CWE-400: Uncontrolled Resource Consumption
Catastrophic Backtracking

MEDIUM

Python : DOS attack via regular expressions possible

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Python : DOS attack via regular expressions possible in your application?

See also

Python : Debug mode on

Python : Web3: Deprecated method

Python : Unsafe padding