Inefficient Regular Expression Complexity

CVE-2024-3772

Medium

5.9/10

Summary

Regular expression denial of service in Pydanic allows remote attackers to cause denial of service via a crafted email string. This issue affects pydantic versions prior to 1.10.13 and 2.x prior to 2.4.0.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Apr 15, 2024

Inefficient Regular Expression Complexity

CVE-2024-3772

Summary

CWE-1333 - Inefficient Regular Expression Complexity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS