Veracode Vulnerability Database: VERACODE:48216
History: Jul 24, 2024 - 8:41 a.m.

Regular Expression Denial Of Service (ReDoS)

2024-07-24 08:41:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
regular expression denial of service
tf2-item-format
decomposename.ts
denial of service
user input
software

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.6
Confidence: High

tf2-item-format is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity used in decomposeName.ts, which allows an attacker to perform Denial of Service (DoS) attacks on any service that uses tf2-item-format to parse user input.
