CVE-2023-45813

Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:torbot_project:torbot:*:*:*:*:*:*:*:*
cpe:2.3:a:validators_project:validators:0.11.0:*:*:*:*:python:*:*
cpe:2.3:a:validators_project:validators:0.20.0:*:*:*:*:python:*:*

History

21 Nov 2024, 08:27

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-18 21:15

Updated : 2024-11-21 08:27


NVD link : CVE-2023-45813

Mitre link : CVE-2023-45813

CVE.ORG link : CVE-2023-45813


JSON object : View

Products Affected

torbot_project

  • torbot

validators_project

  • validators
CWE
CWE-1333

Inefficient Regular Expression Complexity