Skip to main content

Incorrect Regular Expression

CVE-2018-3738

Severity Medium
Score 5.5/10

Summary

Versions of protobufjs before 5.0.3 and 6.8.6 are vulnerable to ReDoS when parsing crafted invalid .proto files.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • HIGH

CWE-185 - Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

Advisory Timeline

  • Published