Regular Expression Denial of Service (ReDoS)

Overview

Regular Expression Denial of Service (ReDoS) is an algorithmic complexity attack that produces a Denial of Service by providing a regular expression and/or an input that takes a long time to evaluate. The attack exploits the fact that many regular expression implementations (backtracking engines in particular) have super-linear worst-case complexity: on certain regex-input pairs, the evaluation time grows polynomially or exponentially with the input size. An attacker can thus cause a program to spend substantial time by providing a specially crafted regular expression and/or input.

This page contains recommendations for implementing protection against Regular Expression Denial of Service (ReDoS) attacks.
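The following added example (not part of this cheat sheet) shows the super-linear behaviour described above on Python's backtracking `re` engine, using the classic nested-quantifier pattern `^(a+)+$`, next to two mitigations: rewriting the pattern so the same language is matched without nested quantifiers, and capping input length before the engine runs. The pattern, the cap of 64 characters and the adversarial input are constructed for illustration.

```python
import re
import time

# Nested quantifier: (a+)+ can split a run of "a"s into exponentially many
# groupings, and a backtracking engine tries them all before failing at "!".
VULNERABLE = re.compile(r"^(a+)+$")
# Same language without the nested quantifier: one linear scan.
HARDENED = re.compile(r"^a+$")

MAX_INPUT_LEN = 64  # constructed cap; size it to the field being validated


def evil_input(n: int) -> str:
    """Constructed adversarial input: n matchable chars, then one that fails."""
    return "a" * n + "!"


def time_match(pattern: re.Pattern, text: str) -> tuple[bool, float]:
    """Return (matched, seconds) so growth can be compared across sizes."""
    start = time.perf_counter()
    matched = pattern.fullmatch(text) is not None
    return matched, time.perf_counter() - start


def match_bounded(pattern: re.Pattern, text: str,
                  max_len: int = MAX_INPUT_LEN) -> bool:
    """Mitigation: fail closed on oversized input before the engine sees it."""
    if len(text) > max_len:
        return False
    return pattern.fullmatch(text) is not None


def backtracking_growth(sizes=(12, 14, 16, 18)) -> dict[int, float]:
    """Seconds the backtracking engine spends per size; each +2 is roughly x4."""
    return {n: time_match(VULNERABLE, evil_input(n))[1] for n in sizes}


if __name__ == "__main__":
    for n, secs in backtracking_growth().items():
        print(f"n={n:2d} vulnerable pattern: {secs:.4f}s")
    # The hardened pattern rejects a far larger input in linear time.
    print("hardened, n=100000:", time_match(HARDENED, evil_input(100_000)))
    # The length cap stops the vulnerable pattern from ever being evaluated.
    print("bounded, n=100000:", match_bounded(VULNERABLE, evil_input(100_000)))
```

Do not run `VULNERABLE` against `evil_input(100_000)` directly: that is the hang the page describes.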

General
