
Bug 940017 (CVE-2023-26112)

Summary: <dev-python/configobj-5.0.9: ReDoS via the validate function
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.cve.org/CVERecord?id=CVE-2023-26112
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 940016    
Bug Blocks:    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-09-22 02:29:10 UTC
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer putting the offending value in a server-side configuration file.
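Added example, not part of the bug report and not configobj's code or the upstream fix: a linear-time splitter that returns the same name/arguments pair as the pattern quoted above, which does repeated backtracking when a string has many "(" and no ")". The function names, the `re.DOTALL` flag, the length cap and the sample strings are assumptions made for this illustration.

```python
import re

# Pattern quoted in the bug description. re.DOTALL is an assumption of this
# example; it lets "." match newlines so the comparison below is exact.
CHECK_RE = re.compile(r'(.+?)\((.*)\)', re.DOTALL)

MAX_CHECK_LEN = 4096  # hypothetical cap for a single check string


def split_check_regex(check):
    """Split 'name(args)' with the quoted pattern, anchored at the start."""
    m = CHECK_RE.match(check)
    return m.groups() if m else None


def split_check_linear(check, max_len=MAX_CHECK_LEN):
    """Same result as split_check_regex, in one forward and one backward scan.

    The lazy group needs at least one character, so the name ends at the first
    "(" at index >= 1; the greedy group runs to the last ")" in the string.
    """
    if len(check) > max_len:
        raise ValueError("check string longer than %d characters" % max_len)
    open_at = check.find("(", 1)
    close_at = check.rfind(")")
    if open_at == -1 or close_at < open_at:
        return None
    return check[:open_at], check[open_at + 1:close_at]


# Constructed inputs: ordinary checks plus shapes with unbalanced parentheses.
SAMPLES = [
    "integer(0, 100)", "option('a', 'b', default='a')", "string",
    "list(min=1)(extra)", "(lead(x)", "f()", "no close(", "(" * 200,
]


def disagreements(samples=SAMPLES):
    """Return the samples on which the two splitters differ (expected: none)."""
    return [s for s in samples if split_check_regex(s) != split_check_linear(s)]


if __name__ == "__main__":
    for s in SAMPLES[:6]:
        print(repr(s), "->", split_check_linear(s))
    print("disagreements:", disagreements())
```
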
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-09-22 10:28:22 UTC
cleanup done.