Skip to main content

Incorrect Regular Expression

CVE-2018-3737

Severity High
Score 7.5/10

Summary

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-185 - Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

Advisory Timeline

  • Published