FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Configobj -- Regular Expression Denial of Service attack

Affected packages
py310-configobj <= 5.0.8
py311-configobj <= 5.0.8
py38-configobj <= 5.0.8
py39-configobj <= 5.0.8

Details

VuXML ID 46419e8c-65d9-11ef-ac06-b0416f0c4c67
Discovery 2023-04-03
Entry 2024-08-29

report@snyk.io reports:

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\).

Note: This is only exploitable in the case of a developer putting the offending value in a server side configuration file.
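
One way to keep configuration check strings away from the backtracking pattern quoted above, as an added example (not code from configobj, FreeBSD or the Snyk report): it splits `name(args)` in a single linear pass and audits a constructed set of check strings before validation. The `re.DOTALL` flag, the use of `.match()`, the 256-character limit and all function names are assumptions of this example.

```python
import re

# Pattern quoted in the advisory. The DOTALL flag and the use of .match()
# are assumptions made for this example.
FUNC_RE = re.compile(r'(.+?)\((.*)\)', re.DOTALL)

MAX_CHECK_LEN = 256  # assumed budget; real check strings are short


def split_check(check):
    """Split 'name(args)' into (name, args) in one linear pass, or None.

    Mirrors what FUNC_RE.match() captures: the name ends at the first '('
    after position 0, the args end at the last ')' in the string.
    """
    open_idx = check.find("(", 1)
    close_idx = check.rfind(")")
    if open_idx == -1 or close_idx < open_idx:
        return None
    return check[:open_idx], check[open_idx + 1:close_idx]


def audit_checks(spec):
    """Return {key: reason} for check strings that should not reach the regex."""
    findings = {}
    for key, check in spec.items():
        if len(check) > MAX_CHECK_LEN:
            findings[key] = "too long"
        elif ("(" in check or ")" in check) and split_check(check) is None:
            findings[key] = "unbalanced call syntax"
    return findings


def agrees_with_regex(check):
    """Differential check: linear splitter vs. the advisory's pattern."""
    m = FUNC_RE.match(check)
    return split_check(check) == (m.groups() if m else None)


# Constructed sample check strings (not taken from any real configspec).
SAMPLE_SPEC = {
    "port": "integer(1, 65535)",
    "mode": "option('dev', 'prod', default='dev')",
    "name": "string",
    "hosts": "list(min=1",                 # closing parenthesis missing
    "blob": "string(" + "x" * 300 + ")",   # exceeds the length budget
}
```

Running `audit_checks` over every check string loaded from a server-side configuration file, and rejecting the file on any finding, bounds the work done on malformed values regardless of the installed configobj version.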

References

CVE Name CVE-2023-26112
URL https://nvd.nist.gov/vuln/detail/CVE-2023-26112