
Inefficient Regular Expression Complexity

CVE-2008-5646

Severity High
Score 8.7/10

Summary

Regular expression Denial of Service (ReDoS) vulnerability in Trac versions prior to 0.11.2 via unknown attack vectors related to "certain wiki markup."

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Advisory Timeline

  • Published