Bug #5260

rust: update regex dependency

Added by Victor Julien 6 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal

Description

Crate:         regex
Version:       1.4.6
Title:         Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:          2022-03-08
ID:            RUSTSEC-2022-0013
URL:           https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:      Upgrade to >=1.5.5
Dependency tree: 
regex 1.4.6
└── suricata 7.0.0-dev

Related issues 1 (0 open, 1 closed)

Has duplicate Security #5187: Rust regex crate security advisory CVE-2022-24713 (Closed, Victor Julien)
#1

Updated by Jason Ish 6 months ago

RustSec advisory for regex: https://rustsec.org/advisories/RUSTSEC-2022-0013

It's important to note that Suricata does not use untrusted regular expressions, so Suricata is not affected by this issue.

#2

Updated by Victor Julien 6 months ago

  • Status changed from Assigned to Closed
  • Target version changed from TBD to 7.0rc1
#3

Updated by Victor Julien 5 months ago

  • Has duplicate Security #5187: Rust regex crate security advisory CVE-2022-24713 added