Home / Vulnerability Database / Swift : DOS attack via regular expressions possible

Swift

Swift : DOS attack via regular expressions possible

Classification

CWE

Overview

The regexp used is unreliable, which can be computationally intensive for some inputs. Regular expression denial of service (ReDOS) attack is possible.

Regular expressions are widely used in applications to validate the user-supplied data. Expressions containing structures like (( )+)+ cause execution of a significant amount of iterations. By inputting a certain type of string an attacker can disrupt the application operation. All implementations of regular expressions have such vulnerabilities.

References

OWASP: Regular expression Denial of Service
Runaway Regular Expressions: Catastrophic Backtracking – regular-expressions.info
saferegex – Tool for testing regular expressions for ReDoS vulnerabilities
CWE-400: Uncontrolled Resource Consumption
Catastrophic Backtracking

MEDIUM

Swift : DOS attack via regular expressions possible

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Swift : DOS attack via regular expressions possible in your application?

See also

Swift : Nill password

Swift : Hardcoded salt

Swift : Undocumented feature: special account