CWE-1333 - Inefficient Regular Expression Complexity

CWE-1333 High

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Inefficient Regular Expression Complexity

Description: The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Attackers can create crafted inputs that intentionally cause the regular expression to use excessive backtracking in a way that causes the CPU consumption to spike.

Common Consequences: Scope: Availability
Impact: DoS: Resource Consumption (CPU)

Related Weaknesses: CWE-407Inefficient Algorithmic ComplexityLow

Release Date:
2021-03-15

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard