Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-27704 PoC — Void Tools 安全漏洞

Source
https://github.com/happy0717/CVE-2023-27704
Associated Vulnerability
Title:Void Tools 安全漏洞 (CVE-2023-27704)
Description:Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).
Description
CVE-2023-27704 Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS)
Readme
# CVE-2023-27704
CVE-2023-27704 Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS)

fix at Everything 1.5 alpha


![image](https://github.com/happy0717/CVE-2023-27704/blob/main/fix.png)



[Suggested description]
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).

------------------------------------------

[Additional Information]
I put the detailed reproduction process in this link:
https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing

------------------------------------------

[VulnerabilityType Other]
Regular expression Denial of Service

------------------------------------------

[Vendor of Product]
https://www.voidtools.com/

------------------------------------------

[Affected Product Code Base]
Everything - lower than 1.4.1.1022 (x64)

------------------------------------------

[Affected Component]
Everything installed version lower than 1.4.1.1022 (x64)

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
I discovered a ReDos vulnerability in everything Version 1.4.1.1015 (x64)

The ReDos vulnerability trigger is roughly like this,"^([\w]+)+$"


Recurrence process:
1.Enable the regex function of everything

2.Insert  regex statements that can lead to ReDos in the search box

Then you can see in the task manager that the CPU usage is very high can reach more than 90%, and everything is not responding



I put the detailed reproduction process in this link:
https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing

------------------------------------------

[Reference]
https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing
https://www.voidtools.com/en-us/downloads/

------------------------------------------

[Discoverer]
happy0717
File Snapshot

 [4.0K]  /data/pocs/a552d2d171ccd2dfbfdec3a6b5072abf340c7c65
├── [ 61K]  fix.png
└── [2.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →