Project

General

Profile

Actions
Copy link

Security #5187

closed

Rust regex crate security advisory CVE-2022-24713

Added by Jason Ish over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
7.0.0-beta1
Affected Versions:
git master
Label:
CVE:
2022-24713
Git IDs:

93d5bce0aafa4b9335daea2bb5b0533407db544a

Severity:
LOW
Disclosure Date:

Description

Reference: https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html

Summery: A complex regular expression could lead to a denial of service in the Rust regex crate. regex versions up to 1.5.4 are affectged. Fix is in regex 1.5.5.

This crate is not used in Suricata 5 or 6, only in git master. And no untrusted regular expressions are processed so there is no risk to Suricata, however, we should update to the latest version in git master as it does show up in cargo audit.

Related issues 1 (0 open1 closed)

Is duplicate of Suricata - Bug #5260: rust: update regex dependencyClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien over 2 years ago

  • Status changed from Assigned to Closed
  • Assignee changed from Jason Ish to Victor Julien
  • Git IDs updated (diff)
  • Severity changed from MODERATE to LOW
Actions
Copy link
 #2

Updated by Victor Julien over 2 years ago

  • Is duplicate of Bug #5260: rust: update regex dependency added
Actions
Copy link

Also available in: Atom PDF