Labels
disclosed: Disclosure/advisory has been published & disclosed
patched: Patch version released
poc: Proof-of-concept dropped
Description
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
CVE ID: CVE-2021-44686
Proof of Concept
Vulnerable code: https://github.com/kovidgoyal/calibre/blob/39a22268b930f0d0cf51a42b556982da5f3dbf4d/src/calibre/ebooks/conversion/preprocess.py#L383
To see that the regular expression is vulnerable, copy-paste it into a separate file & run the code as shown below.
Impact
This issue may lead to a denial of service.
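One way to check a Python regular expression for this denial-of-service behaviour under a time budget, for instance to confirm that a patched pattern no longer stalls. This is an added example, not the reporter's proof of concept and not calibre's code. `NESTED` and `LINEAR` are constructed stand-in patterns, not the calibre expression, and the helper names are hypothetical.

```python
import subprocess
import sys

# Child interpreter: compile the pattern and run a single search, then exit.
_CHILD = "import re, sys; re.compile(sys.argv[1]).search(sys.argv[2])"


def finishes_within(pattern, text, budget_s=3.0):
    """Return True if re.search(pattern, text) completes within budget_s seconds.

    The match runs in a separate interpreter so a runaway match can be killed
    instead of hanging the calling process.
    """
    try:
        subprocess.run(
            [sys.executable, "-c", _CHILD, pattern, text],
            timeout=budget_s, check=True,
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        )
        return True
    except subprocess.TimeoutExpired:
        return False


def audit(pattern, make_input, sizes, budget_s=3.0):
    """Return the first input size that exceeds the budget, or None if all pass."""
    for n in sizes:
        if not finishes_within(pattern, make_input(n), budget_s):
            return n
    return None


# Constructed stand-ins (assumptions, NOT the calibre regex):
NESTED = r"(a+)+$"  # nested quantifier, backtracks exponentially on a near miss
LINEAR = r"a+$"     # same language without the nested quantifier


def near_miss(n):
    """Constructed input: n matching characters, then one that forces a failure."""
    return "a" * n + "!"


if __name__ == "__main__":
    for name, pat in (("NESTED", NESTED), ("LINEAR", LINEAR)):
        print(name, "first size over budget:", audit(pat, near_miss, [8, 16, 40]))
```

To test a real pattern, pass it to `audit` with an input generator that repeats the ambiguous part of the match and ends with a character that makes the overall match fail.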
References