Showing 1 - 14 of 14

CVE-2022-24713

Status Candidate

Overview

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.

Related Files

Ubuntu Security Notice USN-5610-1: Posted Sep 14, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5610-1 - Addison Crump discovered that rust-regex did not properly limit the complexity of the regular expressions it parses. An attacker could possibly use this issue to cause a denial of service.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2022-24713; SHA-256 | 14745f57976753f8232068328aca67b3e7bfcfe4b976b6a2c074d2eb49d3afb3; Download | Favorite | View

Gentoo Linux Security Advisory 202208-08: Posted Aug 10, 2022; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2022-0843, CVE-2022-1196, CVE-2022-1529, CVE-2022-1802, CVE-2022-1919, CVE-2022-2200, CVE-2022-24713, CVE-2022-2505, CVE-2022-26381, CVE-2022-26382, CVE-2022-26383, CVE-2022-26384, CVE-2022-26385, CVE-2022-26386; SHA-256 | fc4c6986e8aede7a5e8bb420e78fe9cd1f9dfa569ec3d07e1e623b50bbd053b8; Download | Favorite | View

Debian Security Advisory 5113-1: Posted Apr 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5113-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.; tags | advisory, web, arbitrary, spoof, info disclosure; systems | linux, debian; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | 01611edf9c74c2d6fccfdcd693008805cc537c88a217d53db609de1c1966d64f; Download | Favorite | View

Debian Security Advisory 5118-1: Posted Apr 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5118-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.; tags | advisory, denial of service, arbitrary; systems | linux, debian; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | 314c30a5de7cf083ebbee813fe6ee604c9665873a6709ae7eced4cb4a8b45b1e; Download | Favorite | View

Red Hat Security Advisory 2022-1326-01: Posted Apr 12, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1326-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | 038156037d0a3eb49410d7c46a34f6c524f27eb196a363a18d44f83b705cbb7b; Download | Favorite | View

Red Hat Security Advisory 2022-1305-01: Posted Apr 11, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1305-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | a391422e9bea70842e432e4e26b4c839e51f0526da5c0637398cbc285780b1c1; Download | Favorite | View

Red Hat Security Advisory 2022-1301-01: Posted Apr 11, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1301-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | 2fa591380f12d1c005495a0fdba76afc32625f3ba8d6e492de9f1632cec22956; Download | Favorite | View

Red Hat Security Advisory 2022-1303-01: Posted Apr 11, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1303-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | fbcbe2a187ffb5d294d0f095e2d7ba9a3587a2765ce5cc5a4894871465a46d99; Download | Favorite | View

Red Hat Security Advisory 2022-1302-01: Posted Apr 11, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1302-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | 839065cd2c1cd3d58db4a10f20c2f884f19d2e9514c687f85b804f663847868d; Download | Favorite | View

Red Hat Security Advisory 2022-1284-01: Posted Apr 11, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1284-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.8.0 ESR. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, web, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | cb2a549d5698210be12259221c354b79c4648cc7ebcfee07f85c3e209e203b25; Download | Favorite | View

Red Hat Security Advisory 2022-1287-01: Posted Apr 11, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1287-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.8.0 ESR. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, web, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | b7873e3f8d8428d816d7da8be0edbd5d7bb5a1eae32238c97ddb90f343b5a56f; Download | Favorite | View

Red Hat Security Advisory 2022-1283-01: Posted Apr 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1283-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.8.0 ESR. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, web, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | c03a596871cae1ed58c0be546a7e928b8410a6c56ed4de8da1f414bc1304ec64; Download | Favorite | View

Red Hat Security Advisory 2022-1286-01: Posted Apr 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.8.0 ESR. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, web, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | 2a6bfb50d22fc5eb91f8599d52c544333cc94bbd2c00ee81ed64f731bd6ba4f9; Download | Favorite | View

Red Hat Security Advisory 2022-1285-01: Posted Apr 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1285-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.8.0 ESR. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, web, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289; SHA-256 | 315b8e780265d7471f001048c67bd739516840387d217784a3227194971691b9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2022-24713

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems