Addison Crump discovered that rust-regex did not properly limit
the complexity of the regular expressions (regex) it parses.
An attacker could possibly use this issue to cause a denial of
service.

References

ubuntu.com/security/CVE-2022-24713

ubuntu.com/security/notices/USN-5610-1

veracode 1

rustsec 1

osv 12

fedora 3

openvas 25

githubexploit 1

github 1

cve 1

ubuntucve 1

redhatcve 1

nessus 41

alpinelinux 1

debiancve 1

prion 1

hackerone 1

ubuntu 2

slackware 2

kaspersky 3

redos 2

redhat 10

altlinux 2

debian 4

oraclelinux 4

suse 2

mozilla 3

almalinux 2

rocky 2

amazon 1

mageia 2

ibm 2

gentoo 2

veracode

Denial Of Service (DoS)

2022-04-09 00:46:36

rustsec

Regexes with large repetitions on empty sub-expressions take a very long time to parse

2022-03-08 12:00:00

osv

Rust's regex crate vulnerable to regular expression denial of service

2022-03-08 20:00:36

Regexes with large repetitions on empty sub-expressions take a very long time to parse

2022-03-08 12:00:00

CVE-2022-24713

2022-03-08 19:15:08

fedora

[SECURITY] Fedora 36 Update: rust-regex-1.5.5-1.fc36

2022-03-26 15:45:42

[SECURITY] Fedora 34 Update: rust-regex-1.5.5-1.fc34

2022-03-17 14:43:04

[SECURITY] Fedora 35 Update: rust-regex-1.5.5-1.fc35

2022-03-17 15:47:18

openvas

Fedora: Security Advisory for rust-regex (FEDORA-2022-ceb3e03c5e)

2022-03-23 00:00:00

Fedora: Security Advisory for rust-regex (FEDORA-2022-8436ac4c39)

2022-03-23 00:00:00

Fedora: Security Advisory for rust-regex (FEDORA-2022-d20d44ba98)

2022-03-27 00:00:00

githubexploit

Exploit for Inefficient Regular Expression Complexity in Rust-Lang Regex

2022-06-05 22:17:00

github

Rust's regex crate vulnerable to regular expression denial of service

2022-03-08 20:00:36

cve

CVE-2022-24713

2022-03-08 19:15:00

ubuntucve

CVE-2022-24713

2022-03-08 00:00:00

redhatcve

CVE-2022-24713

2022-04-06 14:50:16

nessus

Ubuntu 20.04 LTS / 22.04 LTS : rust-regex vulnerability (USN-5610-1)

2022-09-14 00:00:00

SUSE SLED15 / SLES15 Security Update : sccache (SUSE-SU-2022:4073-1)

2022-11-19 00:00:00

SUSE SLES15 / openSUSE 15 Security Update : aws-nitro-enclaves-cli (SUSE-SU-2023:1844-1)

2023-04-15 00:00:00

alpinelinux

CVE-2022-24713

2022-03-08 19:15:00

debiancve

CVE-2022-24713

2022-03-08 19:15:00

prion

Design/Logic Flaw

2022-03-08 19:15:00

hackerone

Internet Bug Bounty: Regexes with large repetitions on empty sub-expressions take a very long time to parse

2022-03-21 20:57:04

ubuntu

rust-regex vulnerability

2022-09-14 00:00:00

Firefox vulnerabilities

2022-04-07 00:00:00

slackware

[slackware-security] mozilla-firefox

2022-04-05 19:19:02

[slackware-security] mozilla-thunderbird

2022-04-06 20:29:58

kaspersky

KLA12497 Multiple vulnerabilities in Mozilla Firefox ESR

2022-04-05 00:00:00

KLA12498 Multiple vulnerabilities in Mozilla Thunderbird

2022-03-07 00:00:00

KLA12496 Multiple vulnerabilities in Mozilla Firefox

2022-04-05 00:00:00

redos

ROS-20220412-02

2022-04-12 00:00:00

ROS-20220412-03

2022-04-12 00:00:00

redhat

(RHSA-2022:1285) Important: firefox security update

2022-04-08 13:33:48

(RHSA-2022:1283) Important: firefox security update

2022-04-08 13:30:19

(RHSA-2022:1284) Important: firefox security update

2022-04-08 13:32:17

altlinux

Security fix for the ALT Linux 10 package firefox-esr version 91.8.0-alt1

2022-04-06 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 91.8.0-alt1

2022-04-06 00:00:00

debian

[SECURITY] [DLA 2971-1] firefox-esr security update

2022-04-07 08:43:52

[SECURITY] [DSA 5113-1] firefox-esr security update

2022-04-06 17:11:21

[SECURITY] [DSA 5118-1] thunderbird security update

2022-04-10 18:10:05

oraclelinux

firefox security update

2022-04-08 00:00:00

firefox security update

2022-04-08 00:00:00

thunderbird security update

2022-04-12 00:00:00

suse

Security update for MozillaFirefox (important)

2022-04-07 00:00:00

Security update for MozillaThunderbird (important)

2022-04-13 00:00:00

mozilla

Security Vulnerabilities fixed in Firefox ESR 91.8 — Mozilla

2022-04-05 00:00:00

Security Vulnerabilities fixed in Thunderbird 91.8 — Mozilla

2022-04-05 00:00:00

Security Vulnerabilities fixed in Firefox 99 — Mozilla

2022-04-05 00:00:00

almalinux

Important: firefox security update

2022-04-08 13:40:04

Important: thunderbird security update

2022-04-11 13:29:58

rocky

firefox security update

2022-04-08 13:40:04

thunderbird security update

2022-04-11 13:29:58

amazon

Important: thunderbird

2022-04-25 23:45:00

mageia

Updated firefox/nss/rootcerts packages fix security vulnerability

2022-04-29 01:46:19

Updated thunderbird packages fix security vulnerabilities

2022-04-29 01:46:19

ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

2022-04-29 04:43:11

Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.

2023-01-31 14:47:39

gentoo

Mozilla Firefox: Multiple Vulnerabilities

2022-08-10 00:00:00

Mozilla Thunderbird: Multiple Vulnerabilities

2022-08-10 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

71.8%

JSON

Related for OSV:USN-5610-1