yahoo-eng-team team mailing list archive
Message #87717
[Bug 1951983] Re: nova contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Thanks for confirming. I've switched the report to a normal public bug
and marked our security advisory task as inapplicable, since this
doesn't represent any exploitable vulnerability in the project. At
worst, a developer could cherry-pick a malicious proposed change for the
source and consume lots of CPU running static analysis checking on it
until they interrupted the process.
** Information type changed from Private Security to Public
** Description changed:
- This issue is being treated as a potential security risk under
- embargo. Please do not make any public mention of embargoed
- (private) security vulnerabilities before their coordinated
- publication by the OpenStack Vulnerability Management Team in the
- form of an official OpenStack Security Advisory. This includes
- discussion of the bug or associated fixes in public forums such as
- mailing lists, code review systems and bug trackers. Please also
- avoid private disclosure to other individuals not already approved
- for access to this information, and provide this same reminder to
- those who are made aware of the issue prior to publication. All
- discussion should remain confined to this private bug report, and
- any proposed fixes should be added to the bug as attachments. This
- embargo shall not extend past 2022-02-21 and will be made
- public by or on that date even if no fix is identified.
-
-
# Summary
nova contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
# Description
ReDoS, or Regular Expression Denial of Service, is a vulnerability
affecting inefficient regular expressions which can perform extremely
badly when run on a crafted input string.
# Proof of Concept
To see that the regular expression is vulnerable, copy-paste it into a separate file and run the code as shown below.
```python
import re

# The pattern as it appears in the report, followed by the reporter's
# proof-of-concept input: "LOG." and then 3456 opening parentheses.
log_remove_context = re.compile(
    r"(.)*LOG\.(.*)\(.*(context=[_a-zA-Z0-9].*)+.*\)")
log_remove_context.match('LOG.' + '(' * 3456)
```
# Impact
This issue may lead to a denial of service.
# References
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
** Changed in: ossa
Status: Incomplete => Won't Fix
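Added example, not from the bug report or from nova: the reported pattern placed beside a replacement that cannot be made to backtrack polynomially, with a small harness that checks both give the same verdict on constructed source lines and that measures how long a failed search takes on the reporter's input shape. It assumes (the page does not state it) that the pattern is a static-analysis check meant to flag `LOG.<method>(...)` calls that pass a `context=` keyword argument; the sample lines, the `SAFE` pattern and the helper names are constructed for this example.

```python
"""Reported ReDoS-prone pattern next to a linear-time replacement.

Assumption (not stated on the page): the pattern is a source-code lint
check that flags LOG.<method>(...) calls passing a ``context=`` kwarg.
"""
import re
import time

# The pattern exactly as reported. Four unbounded quantifiers, (.)*, (.*),
# .* and (...)+, each re-try every split point when the trailing \) fails,
# so a long non-matching line is rescanned many times over.
VULNERABLE = re.compile(
    r"(.)*LOG\.(.*)\(.*(context=[_a-zA-Z0-9].*)+.*\)")

# Replacement written for this example (assumed semantics, see above).
# Every unbounded piece is followed by a literal anchor and only one ".*"
# remains, so a failed search backtracks at most once per character.
SAFE = re.compile(r"LOG\.\w+\(.*context=[_a-zA-Z0-9]")

# Constructed sample source lines with the verdict the check should give.
SAMPLES = [
    ("LOG.debug('boot', context=ctxt)", True),
    ("    LOG.info(_('x %s'), val, context=context)", True),
    ("LOG.error(msg, exc_info=True, context=ctx)", True),
    ("LOG.debug('boot %s', instance)", False),
    ("ctx = context.get_admin_context()", False),
    ("LOG.warning('no context here')", False),
]


def flags_context(pattern, line):
    """True if *pattern* reports a context= kwarg on a LOG call in *line*."""
    return pattern.search(line) is not None


def patterns_agree(samples=SAMPLES):
    """Both patterns must return the expected verdict on every sample."""
    return all(
        flags_context(VULNERABLE, line) == expected
        and flags_context(SAFE, line) == expected
        for line, expected in samples)


def elapsed_on_garbage(pattern, n):
    """Run *pattern* on the reporter's input shape ('LOG.' plus n '(').

    Returns (matched, seconds). Neither pattern can match this input,
    so the time measured is pure failure cost.
    """
    line = "LOG." + "(" * n
    start = time.perf_counter()
    matched = pattern.search(line) is not None
    return matched, time.perf_counter() - start


if __name__ == "__main__":
    print("patterns agree on samples:", patterns_agree())
    # Keep n small for the reported pattern; its cost grows super-linearly.
    for n in (256, 512, 1024):
        _, slow = elapsed_on_garbage(VULNERABLE, n)
        _, fast = elapsed_on_garbage(SAFE, n)
        print(f"n={n:5d}  reported={slow:.4f}s  replacement={fast:.6f}s")
```

The harness only feeds the reported pattern short inputs; the replacement is checked on the full 3456-character input from the report and returns immediately because the first `\w+` fails on the first `(` and no later position starts with `LOG.`. As the reply above notes, the only input this check ever sees is source code a developer chooses to lint, which is why the advisory task was closed.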
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1951983
Title:
nova contains a regular expression that is vulnerable to ReDoS
(Regular Expression Denial of Service).
Status in OpenStack Compute (nova):
New
Status in OpenStack Security Advisory:
Won't Fix
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1951983/+subscriptions