CWE-407: Inefficient Algorithmic Complexity

Description

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Example Vulnerable Codes

Example - 1

This example attempts to check if an input string is a "sentence" [REF-1164].


var test_string = "Bad characters: $@#";var bad_pattern  = /^(\w+\s?)*$/i;var result = test_string.search(bad_pattern);

The regular expression has a vulnerable backtracking clause inside (\w+\s?)*$ which can be triggered to cause a Denial of Service by processing particular phrases.To fix the backtracking problem, backtracking is removed with the ?= portion of the expression which changes it to a lookahead and the \2 which prevents the backtracking. The modified example is:


var test_string = "Bad characters: $@#";var good_pattern  = /^((?=(\w+))\2\s?)*$/i;var result = test_string.search(good_pattern);

Note that [REF-1164] has a more thorough (and lengthy) explanation of everything going on within the RegEx.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-405: Asymmetric Resource Consumption (Amplification)

Go to

CWE-1333: Inefficient Regular Expression Complexity

Go to

Visit http://cwe.mitre.org/ for more details.