New submission from James Davis <davis...@vt.edu>: The decoder regex used to parse numbers in the fpformat module is vulnerable to catastrophic backtracking.
'^([-+]?)0*(\d*)((?:\.\d*)?)(([eE][-+]?\d+)?)$'

The substructure '0*(\d*)' is quadratic. An attack string like '+000....0++' blows up. There is a risk of DOS (REDOS) if a web app uses this module to format untrusted strings.

----------
components: Library (Lib)
messages: 313249
nosy: davisjam
priority: normal
severity: normal
status: open
title: Catastrophic backtracking in fpformat
type: security
versions: Python 2.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32997>
_______________________________________
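As an added illustration, not code from the bug report or from CPython: the decoder regex quoted above beside a variant that removes the '0*(\d*)' ambiguity, with a small wrapper that reproduces the shape of fpformat's extracted fields. The hardened regex, the extract() wrapper and the timing helper are this example's own assumptions, not the project's fix.

```python
import re
import time

# The decoder regex quoted in the report. '0*' directly followed by '(\d*)'
# is ambiguous: on a non-matching input of n zeros the engine retries every
# split between the two, so a failed match costs O(n^2).
VULNERABLE_DECODER = re.compile(r'^([-+]?)0*(\d*)((?:\.\d*)?)(([eE][-+]?\d+)?)$')

# Hardened variant (an assumption of this example, not the project's fix):
# one '\d*' takes all integer digits, so every character has exactly one way
# to match and a failed match is linear; leading zeros are stripped afterwards.
SAFE_DECODER = re.compile(r'^([-+]?)(\d*)((?:\.\d*)?)(([eE][-+]?\d+)?)$')


def extract(s):
    """Split s into (sign, intpart, fraction, expo) using SAFE_DECODER.

    Mirrors the shape of fpformat's extracted fields: '+' becomes '', the
    fraction loses its leading '.', the exponent is an int (0 if absent).
    Returns None instead of raising when s is not a number.
    """
    m = SAFE_DECODER.match(s)
    if m is None:
        return None
    sign, intpart, fraction, exppart = m.group(1, 2, 3, 4)
    if sign == '+':
        sign = ''
    intpart = intpart.lstrip('0')        # what '0*' did inside the old regex
    fraction = fraction[1:] if fraction else ''
    expo = int(exppart[1:]) if exppart else 0
    return sign, intpart, fraction, expo


def match_time(regex, s):
    """Seconds spent on one match attempt, for comparing the two regexes."""
    start = time.perf_counter()
    regex.match(s)
    return time.perf_counter() - start


if __name__ == '__main__':
    # Constructed input in the shape the report describes: many zeros, then
    # trailing characters that make the anchored match fail.
    bad = '+' + '0' * 5000 + '++'
    print('extract("+007.50e-3") ->', extract('+007.50e-3'))
    print('extract(bad)          ->', extract(bad))
    for name, rx in (('vulnerable', VULNERABLE_DECODER), ('safe', SAFE_DECODER)):
        print('%-10s %.3fs' % (name, match_time(rx, bad)))
```

Running the block prints the two match times side by side; only the vulnerable regex grows noticeably as the zero run is lengthened.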