Home / Vulnerability Database / Scala : DOS attack via regular expressions possible

Scala

Scala : DOS attack via regular expressions possible

Classification

CWE

Overview

The regexp used is unreliable, which can be computationally intensive for some inputs. Regular expression denial of service (ReDOS) attack is possible.

Regular expressions are widely used in applications to validate the user-supplied data. Expressions containing structures like (( )+)+ cause execution of a significant amount of iterations. By inputting a certain type of string an attacker can disrupt the application operation. All implementations of regular expressions have such vulnerabilities.

References

OWASP: Regular expression Denial of Service
Runaway Regular Expressions: Catastrophic Backtracking – regular-expressions.info
saferegex – Tool for testing regular expressions for ReDoS vulnerabilities
CWE-400: Uncontrolled Resource Consumption
Catastrophic Backtracking

MEDIUM

Scala : DOS attack via regular expressions possible

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Scala : DOS attack via regular expressions possible in your application?

See also

Scala : Unreleased resource stream

Scala : Multiple loggers in same class

Scala : Insufficient encryption key length