SYM_CS_0020 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inefficient Regular Expression Complexity
Property | Value |
---|---|
Language | csharp |
Severity | |
CWE | CWE-1333: Inefficient Regular Expression Complexity |
OWASP | A01:2017 - Injection |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code creates regular expressions with no or excessively long timeouts, which means regex operations could run indefinitely if given complex or malicious input. This leaves the application vulnerable to resource exhaustion.
Impact
An attacker could craft input that causes the regex engine to hang, potentially freezing the application or making it unresponsive. This can lead to denial of service, impacting system reliability and availability for legitimate users.
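An added example, not code from the rule or this wiki: the flagged construction next to a bounded one in C#, with the timeout handled so the caller fails closed. The pattern, the 250 ms budget, the 256-character cap and the names `RegexTimeoutExample` and `IsValid` are assumptions chosen for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Text.RegularExpressions;

public static class RegexTimeoutExample
{
    // Constructed pattern with nested quantifiers; it backtracks heavily on near-miss input.
    private const string Pattern = @"^(\w+\s?)+$";

    // Flagged form: no matchTimeout argument, so the default applies, which is
    // infinite unless REGEX_DEFAULT_MATCH_TIMEOUT has been set for the AppDomain.
    private static readonly Regex Unbounded = new Regex(Pattern);

    // Hardened form: every match attempt is bounded (250 ms is an assumed budget).
    private static readonly Regex Bounded =
        new Regex(Pattern, RegexOptions.None, TimeSpan.FromMilliseconds(250));

    // Returns false for non-matching input and for input that exhausts the time budget.
    public static bool IsValid(string input)
    {
        // Assumed length cap, checked before the regex engine sees the input.
        if (input is null || input.Length > 256)
            return false;
        try
        {
            return Bounded.IsMatch(input);
        }
        catch (RegexMatchTimeoutException ex)
        {
            // Fail closed and leave a signal that monitoring can alert on.
            Console.Error.WriteLine(
                $"regex timeout after {ex.MatchTimeout.TotalMilliseconds} ms, input length {input.Length}");
            return false;
        }
    }

    public static void Main()
    {
        // Constructed sample input: a long run of word characters that fails at the last character.
        string nearMiss = new string('a', 40) + "!";
        var sw = Stopwatch.StartNew();
        Console.WriteLine($"well-formed input valid: {IsValid("hello world")}");
        Console.WriteLine($"near-miss input valid:   {IsValid(nearMiss)}");
        Console.WriteLine($"elapsed: {sw.ElapsedMilliseconds} ms");
        // The flagged instance is only inspected here, never run against the near-miss input.
        Console.WriteLine($"unbounded instance has infinite timeout: {Unbounded.MatchTimeout == Regex.InfiniteMatchTimeout}");
    }
}
```

On .NET 7 and later, `RegexOptions.NonBacktracking` is an alternative for patterns that do not need backreferences or lookarounds, since that engine matches in time linear in the input length.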