SYM_CS_0021 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inefficient Regular Expression Complexity
| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-1333: Inefficient Regular Expression Complexity |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses regular expressions to process input without specifying a timeout. This allows attackers to supply specially crafted input that can cause the regex engine to consume excessive CPU resources.
Impact
If exploited, an attacker could send input that makes the application hang or become unresponsive, leading to a denial-of-service. This could disrupt service for legitimate users and potentially impact system availability or reliability.
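
The flagged call next to a bounded version, as an added example that is not taken from the rule's own test cases or from the Symbiotic database. The `UsernameValidator` class, the pattern, the 100 ms budget and the 64-character cap are assumptions chosen for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

public static class UsernameValidator
{
    // Constructed pattern for illustration: the nested quantifier makes a
    // backtracking engine do exponentially more work on inputs that almost match.
    private const string Pattern = @"^([a-zA-Z0-9]+)+$";

    // Flagged form: no match timeout, so a single request can pin a CPU core.
    public static bool IsValidUnsafe(string input) =>
        Regex.IsMatch(input, Pattern);

    // Hardened form: the engine aborts the match once the time budget is spent.
    private static readonly Regex Bounded = new Regex(
        Pattern, RegexOptions.CultureInvariant, TimeSpan.FromMilliseconds(100));

    public static bool IsValid(string input)
    {
        // Cap the length first so the timeout is a backstop, not the only control.
        if (input is null || input.Length > 64) return false;
        try
        {
            return Bounded.IsMatch(input);
        }
        catch (RegexMatchTimeoutException ex)
        {
            // Fail closed and leave a trace for detection; log the length, not the raw input.
            Console.Error.WriteLine(
                $"regex timeout after {ex.MatchTimeout.TotalMilliseconds} ms, input length {input.Length}");
            return false;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs: an ordinary value and a near-match that forces backtracking.
        string normal = "alice01";
        string nearMatch = new string('a', 40) + "!";

        Console.WriteLine(UsernameValidator.IsValid(normal));
        Console.WriteLine(UsernameValidator.IsValid(nearMatch));
    }
}
```

Rewriting the pattern without the nested quantifier (`^[a-zA-Z0-9]+$` accepts the same strings) removes the backtracking itself; the timeout then only guards against patterns that have not been reviewed.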