Inefficient Regular Expression Complexity
CVE-2024-45813
Summary
find-my-way is a fast, open-source HTTP router that internally uses a Radix Tree (aka compact Prefix Tree), supports route params and wildcards, and is framework independent. A bad regular expression is generated any time a route has two parameters within a single segment and a "-" is added at the end, like "/:a-:b-". This may cause a Denial of Service (DoS) in some instances. There are no known workarounds for this issue. This issue affects find-my-way versions through 8.2.0, and 9.0.0 through 9.0.1.
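One way to check an application against the two conditions in the summary (an affected version, and a route with two parameters in one segment followed by a trailing "-"), as an added example that is not code from the advisory or from the find-my-way project. The function names and sample routes are constructed, the route parsing is a simplification, and "at the end" is read as the end of a path segment, which is an assumption.

```javascript
// Added example: audit a find-my-way install against the advisory's conditions.
// Function names and SAMPLE_ROUTES are constructed for illustration.

// Affected ranges as stated in the advisory: through 8.2.0, and 9.0.0 through 9.0.1.
function isAffectedVersion(version) {
  const [major, minor, patch] = version.split('.').map((n) => parseInt(n, 10));
  if (major < 8) return true;
  if (major === 8) return minor < 2 || (minor === 2 && patch === 0);
  return major === 9 && minor === 0 && patch <= 1;
}

// Return the segments that hold two or more parameters and end in "-".
// Simplified parsing (assumption): "(...)" is a non-nested per-parameter regex
// and "::" is an escaped literal colon; both are removed before counting.
function riskySegments(routePath) {
  return routePath.split('/').filter((segment) => {
    const bare = segment.replace(/\([^)]*\)/g, '').replace(/::/g, '');
    const params = bare.match(/:[A-Za-z0-9_]+/g) || [];
    return params.length >= 2 && bare.endsWith('-');
  });
}

// Combine both checks into one report for a version string and a route list.
function audit(version, routes) {
  const flagged = routes
    .map((path) => ({ path, segments: riskySegments(path) }))
    .filter((entry) => entry.segments.length > 0);
  return { affectedVersion: isAffectedVersion(version), flagged };
}

// Constructed sample routes; only the first and the last match the advisory's shape.
const SAMPLE_ROUTES = [
  '/:a-:b-',
  '/users/:id',
  '/flights/:from-:to',
  '/name::verb-',
  '/at/:hour(^\\d{2})h:minute(^\\d{2})m',
  '/report/:year-:month-/summary',
];

const report = audit('9.0.1', SAMPLE_ROUTES);
console.log(JSON.stringify(report, null, 2));
```

A flagged route on an affected version is the combination to prioritise when upgrading, since the advisory lists no workaround.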
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- LOW
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References
Advisory Timeline
- Published