CVE-2023-45813 MEDIUM

CVE-2023-45813: Inefficient Regular Expression Complexity in TorBot

Vendor: Dedsecinside
Product: TorBot
Weakness: CWE-1333
Published: October 18, 2023
Last update: September 13, 2024

CVSS base score

4.6/10
Attack vector: Physical
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

TorBot is an open source Tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link` function uses the python-validators URL validation regex. This regular expression has exponential complexity, so an attacker who supplies a well-crafted URL argument can crash the application and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02 Disclosure timeline

October 18, 2023: CVE published
September 13, 2024: Record updated