CVE-2024-3772 : Regular expression denial of service in Pydanic < 2.4.0,

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

Published 2024-04-15 03:16:08

Updated 2025-02-13 18:18:11

Source DirectCyber

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2024-3772

Please log in to view affected product information.

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	DirectCyber	2024-04-15
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	N/A	N/A	RedHat-CVE-2024-3772	2024-04-15
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Assigned by: 430a6cef-dc26-47e3-9fa8-52fb7f19644e (Secondary)

https://github.com/pydantic/pydantic/pull/7360

Fixed a regular expression denial of service issue by limiting whites… by prodigysml · Pull Request #7360 · pydantic/pydantic · GitHub
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI/

[SECURITY] Fedora 38 Update: python-pydantic-1.10.14-5.fc38 - package-announce - Fedora Mailing-Lists

Jump to