Main Vulnerability Database Vulnerabilities #VU79836

#VU79836 Inefficient regular expression complexity in configobj - CVE-2023-26112

Published: August 22, 2023

Vulnerability identifier: #VU79836

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-26112

CWE-ID: CWE-1333

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
configobj

Software vendor:
Differently Sized Kittens

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

#VU79836 Inefficient regular expression complexity in configobj - CVE-2023-26112

Description

Remediation

External links

Please verify you're human