FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-configobj -- vulnerable to Regular Expression Denial of Service

Affected packages
py39-configobj <= 5.0.6_1

Details

VuXML ID de970aef-d60e-466b-8e30-1ae945a047f1
Discovery 2023-04-03
Entry 2023-04-09

DarkTinia reports:

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\).

**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

[source]

References

CVE Name CVE-2023-26112
URL https://osv.dev/vulnerability/GHSA-c33w-24p9-8m24

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.