5.3 CVE-2024-45338

 

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
https://nvd.nist.gov/vuln/detail/CVE-2024-45338

Categories

CWE-1333 : Inefficient Regular Expression Complexity
Some regular expression engines have a feature called "backtracking". If the token cannot match, the engine "backtracks" to a position that may result in a different token that can match.

References


 

CPE

cpe start end


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
492 Regular Expression Exponential Blowup