logo

CWE-1333 - Inefficient Regular Expression Complexity

CWE-1333 High

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Inefficient Regular Expression Complexity

Description

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Attackers can create crafted inputs that intentionally cause the regular expression to use excessive backtracking in a way that causes the CPU consumption to spike.

Common Consequences

Scope: Availability

Impact: DoS: Resource Consumption (CPU)

Related Weaknesses

CWE-407Inefficient Algorithmic ComplexityLow

  • Release Date:
  • 2021-03-15
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website