> For the complete documentation index, see [llms.txt](https://0xn3va.gitbook.io/application-security-handbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://0xn3va.gitbook.io/application-security-handbook/web-application/vulnerability-mitigation/regular-expression-denial-of-service-redos.md).

# Regular Expression Denial of Service (ReDoS)

## Overview

Regular expression Denial of Service (ReDoS) is an algorithmic complexity attack that produces a Denial of Service by providing a regular expression and/or an input that takes a long time to evaluate. The attack exploits the fact that many regular expression implementations have super-linear worst-case complexity; on certain regex-input pairs, the time taken can grow polynomially or exponentially in relation to the input size. An attacker can thus cause a program to spend substantial time by providing a specially crafted regular expression and/or input.

This page contains recommendations for the implementation of protection against Regular expression Denial of Service (ReDoS) attacks.

## General

<div align="left"><img src="/files/QJuMWI21M60ZKzo0mFAN" alt=""></div>

* Comply with requirements from the [Regular Expressions](/application-security-handbook/web-application/regular-expressions.md) page.
