Project

General

Profile

Actions
Copy link

Security #5187

closed
JI VJ

Rust regex crate security advisory CVE-2022-24713

Security #5187: Rust regex crate security advisory CVE-2022-24713

Added by Jason Ish about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
7.0.0-beta1
Affected Versions:
git main
Label:
CVE:
2022-24713
Git IDs:

93d5bce0aafa4b9335daea2bb5b0533407db544a

Severity:
LOW
Disclosure Date:
GHSA:

Description

Reference: https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html

Summery: A complex regular expression could lead to a denial of service in the Rust regex crate. regex versions up to 1.5.4 are affectged. Fix is in regex 1.5.5.

This crate is not used in Suricata 5 or 6, only in git master. And no untrusted regular expressions are processed so there is no risk to Suricata, however, we should update to the latest version in git master as it does show up in cargo audit.

Related issues 1 (0 open1 closed)

Is duplicate of Suricata - Bug #5260: rust: update regex dependencyClosedVictor JulienActions
Actions
Copy link

Also available in: PDF Atom