Lucene search
Veracode Vulnerability DatabaseVERACODE:36468HistoryJul 25, 2022 - 7:55 a.m.
Regular Expression Denial Of Service (ReDoS)
2022-07-2507:55:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
mxnet
vulnerability
regular expression
EPSS
0.001
Percentile
38.4%
mxnet is vulnerable to regular expression denial of service. The vulnerability exists in get_kernel function of rtc.py due to improper handling of regular expressions which allows an attacker to send a specially crafted operator name causing a excessive resource consumption which then leads to an application crash.
References
www.openwall.com/lists/oss-security/2022/07/24/2
github.com/advisories/GHSA-xxj3-55p6-xg3h
github.com/apache/incubator-mxnet/commit/59b4c188f655ec4596ab9369aaa441672110e064
github.com/apache/incubator-mxnet/pull/20810
github.com/apache/incubator-mxnet/pull/20840
github.com/apache/incubator-mxnet/releases/tag/1.9.1
lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o
Related
prion
prion
Denial of service
2022-07-24 18:15:00
nvd
nvd
CVE-2022-24294
2022-07-24 18:15:09
osv
osv
BIT-mxnet-2022-24294
2023-11-06 08:56:03
CVE-2022-24294
2022-07-24 18:15:09
cve
cve
CVE-2022-24294
2022-07-24 18:15:09
github
github
cvelist
cvelist
CVE-2022-24294 ReDoS in Apache MXNet RTC Module
2022-07-24 17:45:12