Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2023-26112 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2023-26112

CVE-2023-26112

LOW3.7

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (

Published Apr 3, 2023

Modified 1 years ago

Details

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)).

Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

References

WEB

https://github.com/DiffSK/configobj/issues/232

WEB

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/

WEB

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/

WEB

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/

WEB

https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2023-26112

CVSS Analysis

CVSS v3.1

3.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

LowA:L

3.7/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Weakness Type (CWE)

Resource Management

CWE-1333

ReDoS (Regex DoS)

Ecosystems

Timeline

PublishedApr 3, 2023

ModifiedFeb 13, 2025