
1033 matches found

Veracode
added 2025/05/30 2:47 a.m. | 8 views

Regular Expression Denial Of Service (ReDoS)

vLLM is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a highly complex and nested regular expression for tool call detection, which allows an attacker to trigger excessive backtracking and degrade service performance...

CVSS 6.5 | AI score 6.7 | EPSS 0.00345
Exploits 1 | References 6 | Affected Software 1
Veracode
added 2025/05/30 2:43 a.m. | 4 views

Regular Expression Denial Of Service (ReDoS)

vllm is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The vulnerability is due to certain regular expression patterns that lead to catastrophic backtracking when processing crafted input, allowing an attacker to slow down or crash the application...

AI score 7
Exploits 0
Veracode
added 2025/05/28 7:10 p.m. | 7 views

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expressions due to catastrophic backtracking when parsing HTML tags and markdown links with specially crafted input...

CVSS 7.5 | AI score 6.5 | EPSS 0.00774
Exploits 1 | References 5 | Affected Software 1
Snyk
added 2025/05/28 5:50 p.m. | 3 views

Regular Expression Denial of Service (ReDoS)

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple locations in the code. An attacker can cause a denial of service by supplying specially craft...

CVSS 6.9 | AI score 6.8
Exploits 0 | References 2
Github Security Blog
added 2025/05/28 5:50 p.m. | 4 views

vLLM vulnerable to Regular Expression Denial of Service

Summary: A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service (ReDoS) attacks. These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking. 1...

AI score 7.1
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/05/28 5:50 p.m. | 4 views

GHSA-J828-28RJ-HFHP vLLM vulnerable to Regular Expression Denial of Service

Summary: A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service (ReDoS) attacks. These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking. 1...

CVSS 4.3 | AI score 7.1
Exploits 0 | References 4
OSV
added 2025/05/23 3:31 p.m. | 0 views

GHSA-P9WX-2529-FP83 Marked allows Regular Expression Denial of Service (ReDoS) attacks

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...

CVSS 6.9 | AI score 5.9 | EPSS 0.00774
Exploits 1 | References 6
OSV
added 2025/05/23 3:15 p.m. | 3 views

DEBIAN-CVE-2018-25110

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...

CVSS 7.5 | AI score 5.5 | EPSS 0.00774
Exploits 1 | References 1
OSV
added 2025/05/23 3:15 p.m. | 5 views

UBUNTU-CVE-2018-25110

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...

CVSS 7.5 | AI score 5.8 | EPSS 0.00774
Exploits 1 | References 6
CVE
added 2025/05/23 2:53 p.m. | 55 views

CVE-2018-25110

CVE-2018-25110 affects the markedjs/marked parser. The vulnerability stems from catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links, allowing a Regular Expression Denial of Service (ReDoS) via crafted markdown input (e.g., deeply nested or repeti...

CVSS 7.5 | AI score 6.3 | EPSS 0.00774
Exploits 1 | References 4 | Affected Software 1
RedhatCVE
added 2025/05/23 9:50 a.m. | 6 views

CVE-2024-7610

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch...

CVSS 6.5 | AI score 6.4 | EPSS 0.00059
Exploits 0 | References 1
Positive Technologies
added 2025/05/23 12:0 a.m. | 3 views

PT-2025-28999

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc4. Description: A flaw was discovered in the Linux kernel's BPF (Berkeley Packet Filter) verifier. The issue involves not excluding the stack pointer register during precision backtracking bookkeeping,...

CVSS 7.8 | AI score 6.7 | EPSS 0.00051
Exploits 0
CNNVD
added 2025/05/23 12:0 a.m. | 2 views

marked security vulnerability

marked is a Markdown parser and compiler written in JavaScript by Christopher Jeffrey, an individual developer in the United States. A security vulnerability exists in marked prior to version 0.3.17, which stems from catastrophic backtracking of regular expressions parsing HTML tags and markdown...

CVSS 7.5 | AI score 6.3 | EPSS 0.00774
Exploits 1 | References 4
RedhatCVE
added 2025/05/22 8:43 p.m. | 2 views

CVE-2021-39917

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking...

CVSS 6.5 | AI score 6.5 | EPSS 0.00386
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 8:14 p.m. | 2 views

CVE-2021-39933

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastroph...

CVSS 6.5 | AI score 6.5 | EPSS 0.00189
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 6:29 p.m. | 6 views

CVE-2021-29469

Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1...

CVSS 7.5 | AI score 6.5 | EPSS 0.00926
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 3:49 p.m. | 6 views

CVE-2020-13349

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are =8.12, =13.4, =13.5, 13.5.2...

CVSS 4.3 | AI score 6.4 | EPSS 0.00166
Exploits 0
Veracode
added 2025/05/22 9:26 a.m. | 6 views

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing due to nested quantifiers in the preprocess_string function of transformers.testing_utils, which can cause exponential backtracking and high CPU usage when...

CVSS 7.5 | AI score 6.6 | EPSS 0.00092
Exploits 1 | References 6 | Affected Software 1
OSV
added 2025/05/06 4:12 p.m. | 3 views

USN-7488-1 python vulnerabilities

It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected python 2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7,...

CVSS 7.8 | AI score 7.1 | EPSS 0.03014
Exploits 2 | References 4
Veracode
added 2025/05/06 5:54 a.m. | 9 views

Regular Expression Denial Of Service (ReDoS)

org.apereo.cas, cas-server-core-configuration-metadata-repository is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper processing of the "Name" argument without input validation, which allows remote attackers to trigger excessive backtracking and degra...

CVSS 7.5 | AI score 6.8 | EPSS 0.00142
Exploits 0 | References 6 | Affected Software 1