17 matches found
CVE-2026-8888
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...
CVE-2026-8888
The CVE-2026-8888 entry applies to the Securly Chrome Extension (v3.0.7). It downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation, enabling an on-path attacker to inject patterns that cause catastrop...
markdown-it is has a Regular Expression Denial of Service (ReDoS)
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...
CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the matchpattern function due to inefficient processing of the complex regular expressions. An attacker can cause resource exhaustion by supplying specially crafted input that...
EUVD-2006-6914
Malware in sbrugna...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a...
UBUNTU-CVE-2023-26116
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...
PT-2021-6101
Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.19.0 Description A malicious server which responds with long series of xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
Plone 代码问题漏洞
Plone is an open source content management system. A server-side request forgery vulnerability exists in Plone versions prior to 5.2.3. An attacker can exploit this vulnerability by backtracking to conduct server-side request forgery attacks...
UBUNTU-CVE-2013-7345
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...
GLSA-200702-03 : Snort: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200702-03 Snort: Denial of Service Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a 'backtracking attack' to perform numerous time-consuming...
Snort: Denial of service
Background Snort is a widely deployed intrusion detection program. Description Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a "backtracking attack" to perform numerous time-consuming operations. Impact A remote...
CVE-2006-6931
Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service CPU consumption and detection outage via crafted network traffic, aka a "backtracking attack."...
CVE-2006-6931
Removed by vendor...