CVE-2023-33290

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).
References
Link Resource
https://github.com/tjtelan/git-url-parse-rs/issues/51 Exploit Issue Tracking Third Party Advisory
https://lib.rs/crates/git-url-parse Product
https://github.com/tjtelan/git-url-parse-rs/issues/51 Exploit Issue Tracking Third Party Advisory
https://lib.rs/crates/git-url-parse Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:git-url-parse_project:git-url-parse:*:*:*:*:*:rust:*:*

History

21 Nov 2024, 08:05

Type Values Removed Values Added
References () https://github.com/tjtelan/git-url-parse-rs/issues/51 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/tjtelan/git-url-parse-rs/issues/51 - Exploit, Issue Tracking, Third Party Advisory
References () https://lib.rs/crates/git-url-parse - Product () https://lib.rs/crates/git-url-parse - Product

Information

Published : 2023-06-12 13:15

Updated : 2024-11-21 08:05


NVD link : CVE-2023-33290

Mitre link : CVE-2023-33290

CVE.ORG link : CVE-2023-33290


JSON object : View

Products Affected

git-url-parse_project

  • git-url-parse
CWE
CWE-1333

Inefficient Regular Expression Complexity