Skip to main content

Inefficient Regular Expression Complexity

CVE-2022-40898

Severity High
Score 7.5/10

Summary

An issue discovered in Python Packaging Authority (PyPA) Wheel versions through 0.37.1 and earlier allows remote attackers to cause a regular expression denial of service via attacker-controlled input to wheel cli.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

Advisory Timeline

  • Published