RegEx Denial of Service Vulnerability in domain-suffix by Vendor
CVE-2024-25354

7.5HIGH

Key Information:

Vendor: Vendor
Status: domain-suffix
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-25354?

The domain-suffix version 1.0.8 contains a vulnerability that allows attackers to exploit the RegEx parsing functionality. By providing specially crafted input, an attacker can trigger a Denial of Service condition, causing the application to crash. This vulnerability compromises the application's availability, which can lead to significant disruptions for users relying on its functionality.

References

https://gist.github.com/6en6ar/c3b11b4058b8e2bc54717408d4...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Feb 7, 2024