Vulnerable Regular Expression #10

cristianstaicu · 2017-09-05T17:52:25Z

The following regular expression used for parsing the HTTP header is vulnerable to ReDoS:

/(?:charset|encoding)\s*=\s*['"]? *([\w\-]+)/i

The slowdown is moderate: for 30.000 characters around 4 seconds matching time. I would suggest one of the following:

remove the regex,
anchor the regex,
limit the number of characters that can be matched by the repetition,
limit the input size.

If needed, I can provide an actual example showing the slowdown.

fengmk2 · 2017-09-05T22:58:14Z

Yes, thanks for your report! We will fix this high security problem as soon as possible!

fengmk2 · 2017-09-05T23:08:32Z

Can you send me the example to my email fengmk2#gmail.com?

only allow max 10 spaces and 100 charset string closes #10

fengmk2 added a commit that referenced this issue Sep 7, 2017

fix: limit match string

83b4f7f

only allow max 10 spaces and 100 charset string closes #10

fengmk2 mentioned this issue Sep 7, 2017

fix: limit match string #11

Merged

fengmk2 closed this as completed in #11 Sep 7, 2017

fengmk2 added a commit that referenced this issue Sep 7, 2017

fix: limit match string (#11)

effda0c

only allow max 10 spaces and 100 charset string closes #10

tdunlap607 mentioned this issue Mar 31, 2023

[GHSA-9cp3-fh5x-xfcj] Regular Expression Denial of Service in charset github/advisory-database#1905

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerable Regular Expression #10

Vulnerable Regular Expression #10

cristianstaicu commented Sep 5, 2017

fengmk2 commented Sep 5, 2017

fengmk2 commented Sep 5, 2017

Vulnerable Regular Expression #10

Vulnerable Regular Expression #10

Comments

cristianstaicu commented Sep 5, 2017

fengmk2 commented Sep 5, 2017

fengmk2 commented Sep 5, 2017