#dos

Red Hat Security Advisory 2023-5869-01 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5867-01 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5866-01 - An update for grafana is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5865-01 - An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5864-01 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5863-01 - An update for grafana is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5851-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5850-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

### Summary _The torbot.modules.validators.validate_link function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument.._ ### Details https://github.com/DedSecInside/TorBot/blob/d2b89192379ad033ffc7044efff26e16ccc02d5a/torbot/modules/validators.py#L13 An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. ### PoC I have uploaded a secret gist containing a PoC (https://gist.github.com/ikkebr/6041055314f1cfb8e65b2a1acbaae12c). By adding one special character at the end of the user argument of the URL, the regular expression will take exponentially longer to compute. For a string of size 10k, the regex will take 0.01s without the well-crafted URL and 1.3s with the well-crafted URL exploit. For a string of size 50k, the regex will take 0.03s without t...