CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.0005 Low
Percentile: 17.1%
torbot is vulnerable to Denial of Service (DoS). An attacker can cause a denial-of-service (DoS) condition on a vulnerable system by exploiting a regular expression that has exponential complexity, either by tricking a user into opening a malicious link or by sending a specially crafted HTTP request to the vulnerable Torbot server. Once the vulnerability is exploited, the attacker could cause the Torbot server to consume excessive CPU resources, which would prevent legitimate users from accessing the server.
github.com/advisories/GHSA-72qw-p7hh-m3ff
github.com/DedSecInside/TorBot/blob/v3.1.2/torbot/modules/validators.py#L13
github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4
github.com/DedSecInside/TorBot/pull/307
github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff