Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4 | Patch |
https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Oct 2023, 13:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1333 | |
First Time |
Torbot Project torbot
Validators Project validators Torbot Project Validators Project |
|
CPE | cpe:2.3:a:validators_project:validators:0.11.0:*:*:*:*:python:*:* cpe:2.3:a:torbot_project:torbot:*:*:*:*:*:*:*:* cpe:2.3:a:validators_project:validators:0.20.0:*:*:*:*:python:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4 - Patch | |
References | (MISC) https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff - Exploit, Vendor Advisory |
18 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-18 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-45813
Mitre link : CVE-2023-45813
CVE.ORG link : CVE-2023-45813
JSON object : View
Products Affected
validators_project
- validators
torbot_project
- torbot
CWE
CWE-1333
Inefficient Regular Expression Complexity