Rust regex crate security advisory CVE-2022-24713
Summery: A complex regular expression could lead to a denial of service in the Rust regex crate.
regex versions up to 1.5.4 are affectged. Fix is in
This crate is not used in Suricata 5 or 6, only in git master. And no untrusted regular expressions are processed so there is no risk to Suricata, however, we should update to the latest version in git master as it does show up in
Updated by Victor Julien almost 2 years ago
- Status changed from Assigned to Closed
- Assignee changed from Jason Ish to Victor Julien
- Git IDs updated (diff)
- Severity changed from MODERATE to LOW
Was addressed with https://github.com/OISF/suricata/commit/93d5bce0aafa4b9335daea2bb5b0533407db544a in #5260.