Lucene search
GoogleOSV:GHSA-XFHP-GMH8-R8V2HistoryMar 19, 2021 - 9:22 p.m.
printf vulnerable to Regular Expression Denial of Service (ReDoS)
2021-03-1921:22:10
Google
osv.dev
8
printf package
vulnerable
redos
regex string
printf.js
worst-case time complexity
software
EPSS
0.002
Percentile
57.4%
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string
/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g
in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
Related
cvelist
cvelist
CVE-2021-23354 Regular Expression Denial of Service (ReDoS)
2021-03-12 15:10:16
github
github
printf vulnerable to Regular Expression Denial of Service (ReDoS)
2021-03-19 21:22:10
prion
prion
Design/Logic Flaw
2021-03-12 15:15:00
osv
osv
CVE-2021-23354
2021-03-12 15:15:14
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-03-15 09:49:54
nvd
nvd
CVE-2021-23354
2021-03-12 15:15:14
cve
cve
CVE-2021-23354
2021-03-12 15:15:14