dwisiswant0 / advisory

My advisories (backlog)

ReDoS in calibre #18

Closed dwisiswant0 closed 2 years ago

dwisiswant0 commented 2 years ago

Description

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).

CVE ID: CVE-2021-44686

Proof of Concept

Vulnerable code: https://github.com/kovidgoyal/calibre/blob/39a22268b930f0d0cf51a42b556982da5f3dbf4d/src/calibre/ebooks/conversion/preprocess.py#L383

To see that the regular expression is vulnerable, copy-paste it into a separate file & run the code as shown below.

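```python
import re

# Pattern copied from preprocess.py at the commit linked above.
reg = re.compile(r'<head[^>]*>\n*(.*?)\n*</head>', re.IGNORECASE|re.DOTALL)
# An opening <head> followed only by newlines, with no closing </head>,
# forces the engine to backtrack through every split of the newline run.
reg.match('<head>' + '\n' * 1337)
```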

Impact

This issue may lead to a denial of service.

References

dwisiswant0 commented 2 years ago

CVE requested.
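The following is an added example, not code from the advisory or from calibre: it measures how the match time of the pattern quoted above grows when the input doubles, and shows a forward-scanning replacement that returns the same capture. The helper names (`time_match`, `growth_ratio`, `extract_head`) and the replacement approach are assumptions for illustration and are not calibre's actual fix.

```python
import re
import time

# Pattern quoted in the advisory (calibre before 5.32.0).
VULN = re.compile(r'<head[^>]*>\n*(.*?)\n*</head>', re.IGNORECASE | re.DOTALL)

# Literal-only patterns for the replacement (assumption, not calibre's code).
OPEN = re.compile(r'<head', re.IGNORECASE)
CLOSE = re.compile(r'</head>', re.IGNORECASE)


def time_match(n, repeats=3):
    """Best-of-`repeats` seconds VULN spends failing on '<head>' + n newlines."""
    data = '<head>' + '\n' * n  # constructed input, same shape as the PoC
    best = float('inf')
    for _ in range(repeats):
        start = time.perf_counter()
        VULN.match(data)
        best = min(best, time.perf_counter() - start)
    return best


def growth_ratio(small=400, large=800):
    """Time ratio when the input doubles: about 2 is linear, 4 quadratic, 8 cubic."""
    return time_match(large) / time_match(small)


def extract_head(html):
    """Return what group 1 of VULN captures for the first <head>...</head> pair,
    using only forward scans. Returns None when either tag is missing."""
    opening = OPEN.search(html)
    if opening is None:
        return None
    gt = html.find('>', opening.end())
    if gt == -1:
        return None
    closing = CLOSE.search(html, gt + 1)
    if closing is None:
        return None
    # The two \n* runs in VULN only trim newlines around the captured text.
    return html[gt + 1:closing.start()].strip('\n')


if __name__ == '__main__':
    print('doubling ratio for the vulnerable pattern:', round(growth_ratio(), 1))
    start = time.perf_counter()
    result = extract_head('<head>' + '\n' * 100000)
    print('replacement:', result, 'in', round(time.perf_counter() - start, 4), 's')
```

A doubling ratio well above 2 confirms super-linear matching time, which is the property to regression-test for after changing the pattern.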