Regular Expression Denial of Service in CTFd by the Vendor CTFd
CVE-2024-46242

Currently unrated

Key Information:

Vendor
CTFd
Status
Vendor
CVE Published:
7 January 2025

Summary

A vulnerability exists in the validate_email function of CTFd version 3.7.3: an attacker can submit a specially crafted email address during registration that causes the validation routine's regular expression to take excessive time to evaluate. This is a Regular Expression Denial of Service (ReDoS): the validation step consumes excessive resources, disrupting service and degrading the overall performance of the application.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
