CVE-2022-24713 PoC — Regular expression denial of service in Rust's regex crate

Associated Vulnerability
Title: Regular expression denial of service in Rust's regex crate (CVE-2022-24713)
Description: regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes.
Description
Proof of Concept/Test for CVE-2022-24713 on Ubuntu
Readme
# POC of CVE-2022-24713 on Ubuntu
Install the current rust-regex package on Ubuntu.

Then, clone this repo.

Then, run cargo build.

The regex dependency is set to the /usr/share/cargo/registry folder, so there
will be no dependency issues.

If the compilation takes an absurdly long time, that is the denial of
service described by CVE-2022-24713.

If it does not, it has been patched (https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e).
File Snapshot

[4.0K] /data/pocs/94dbd8bc1ee6a5d21fe03c1839fac5e04c7735c0
├── [ 922] Cargo.lock
├── [ 265] Cargo.toml
├── [ 482] README.md
└── [4.0K] src
    └── [ 78] main.rs

1 directory, 4 files