CVE-2023-45813

Name
CVE-2023-45813
Description
Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link` function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
NVD Severity
medium

References

| Type | URI |
|------|-----|
| MISC | https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff |
| MISC | https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:validators_project:validators:0.20.0:*:*:*:*:python:*:* | py3-validators | == None | == 0.20.0 |
| cpe:2.3:a:torbot_project:torbot:*:*:*:*:*:*:*:* | torbot | >= None | < 4.0.0 |
| cpe:2.3:a:validators_project:validators:0.11.0:*:*:*:*:python:*:* | py3-validators | == None | == 0.11.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| py3-validators | 3.18-community | 0.20.0-r2 | None | possibly vulnerable |