
Potential Regex Denial of Service (ReDoS) in ctx_mp

See original GitHub issue

Type of Issue: Potential Regex Denial of Service (ReDoS)

Description: The vulnerable regular expression is located in

https://github.com/fredrik-johansson/mpmath/blob/6a675bf08ef285e8b8ec956bcfd03a425b2b6ded/mpmath/ctx_mp.py#L43
https://github.com/fredrik-johansson/mpmath/blob/6a675bf08ef285e8b8ec956bcfd03a425b2b6ded/mpmath/ctx_mp.py#L44

The ReDoS vulnerability of the regex is mainly due to the sub-pattern \d*\.?\d* with quantified overlapping adjacency and can be exploited with the following string "(" + "1" * 5000 + "!"

I think you can limit the input length or modify the regex.

I suggest you can replace the sub-pattern \d*\.?\d* with \d*(\.\d*)?
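As an added example (not code from the issue or from mpmath), a simplified stand-in for the sub-pattern discussed above is placed beside the rewritten form the reporter suggests, together with the other mitigation named in the issue, an input-length cap. The stand-in regexes, the cap value and the function names are assumptions.

```python
import re
import time

# Constructed stand-in for the vulnerable pattern: two unbounded \d* separated
# only by an optional '.' let the backtracking engine split a long digit run
# in O(n) ways, so a non-matching tail such as '!' costs O(n^2) steps.
VULNERABLE = re.compile(r'^\(?\d*\.?\d*\)?\Z')   # assumed simplification
# Rewritten as the issue suggests: the second \d* can only run after a
# literal '.', so each position has one way to match and rejection is O(n).
HARDENED = re.compile(r'^\(?\d*(\.\d*)?\)?\Z')   # same language, linear time

MAX_LEN = 64  # assumed cap; numerals this parser expects are far shorter


def matches_same(s):
    """True when both patterns agree on s (they accept the same language)."""
    return bool(VULNERABLE.match(s)) == bool(HARDENED.match(s))


def parse_decimal(s, max_len=MAX_LEN):
    """Hardened parser: reject over-long input before touching the regex,
    then match with the rewritten pattern. Returns the matched text or None."""
    if len(s) > max_len:
        return None
    m = HARDENED.match(s)
    return m.group(0) if m else None


def time_reject(pattern, n):
    """Seconds the pattern needs to reject '(' + '1' * n + '!' (the probe
    shape from the issue); used to confirm the rewrite removes the blow-up."""
    probe = '(' + '1' * n + '!'
    t0 = time.perf_counter()
    pattern.match(probe)
    return time.perf_counter() - t0


if __name__ == '__main__':
    for n in (500, 1000, 2000):
        print(n, round(time_reject(VULNERABLE, n), 4),
              round(time_reject(HARDENED, n), 4))
```

The printed timings grow roughly fourfold per doubling of n for VULNERABLE and stay flat for HARDENED; the real mpmath pattern chains two such sub-patterns, so its growth is steeper still.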

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments:6 (3 by maintainers)

Top GitHub Comments

2 reactions
cclauss commented, Dec 4, 2022

Please reopen this issue.

Running https://pypi.org/project/safety currently outputs…

 +==============================================================================+
 VULNERABILITIES FOUND 
+==============================================================================+

-> Vulnerability found in mpmath version 1.2.1
   Vulnerability ID: 51549
   Affected spec: >=1.0.0,<=1.2.1
   ADVISORY: Mpmath v1.0.0 through v1.2.1 is affected by CVE-2021-29063:
   Regular Expression Denial of Service (ReDOS) vulnerability when the...
   CVE-2021-29063
   For more information, please visit https://pyup.io/v/51549/f17
2 reactions
lanzkron commented, Oct 24, 2022

It looks like this was resolved in April 2021, why is the last release from February 2021? Shouldn’t a new version be released that fixes this CVE?
