SlowFuzz: Automated domain-independent detection of algorithmic complexity vulnerabilities
Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of
an application is significantly higher than the respective average case for particular user …
Freezing the Web: a study of ReDoS vulnerabilities in JavaScript-based web servers
Regular expression denial of service (ReDoS) is a class of algorithmic complexity attacks
where matching a regular expression against an attacker-provided input takes unexpectedly …
The impact of regular expression denial of service (ReDoS) in practice: an empirical study at the ecosystem scale
Regular expressions (regexes) are a popular and powerful means of automatically
manipulating text. Regexes are also an understudied denial of service vector (ReDoS). If a …
Solving string constraints with regex-dependent functions through transducers with priorities and variables
Regular expressions are a classical concept in formal language theory. Regular
expressions in programming languages (RegEx) such as JavaScript, feature non-standard …
ReScue: crafting regular expression DoS attacks
Regular expression (regex) with modern extensions is one of the most popular string
processing tools. However, poorly-designed regexes can yield exponentially many matching …
A Coq Mechanization of JavaScript Regular Expression Semantics
N De Santo, A Barrière, C Pit-Claudel - Proceedings of the ACM on …, 2024 - dl.acm.org
We present an executable, proven-safe, faithful, and future-proof Coq mechanization of
JavaScript regular expression (regex) matching, as specified by the latest published edition …
Static detection of DoS vulnerabilities in programs that use regular expressions
In an algorithmic complexity attack, a malicious party takes advantage of the worst-case
behavior of an algorithm to cause denial-of-service. A prominent algorithmic complexity …
Efficient matching of regular expressions with lookaround assertions
Regular expressions have been extended with lookaround assertions, which are subdivided
into lookahead and lookbehind assertions. These constructs are used to refine when a …
Revealer: Detecting and exploiting regular expression denial-of-service vulnerabilities
Regular expression Denial-of-Service (ReDoS) is a class of algorithmic complexity attacks.
Attackers can craft particular strings to trigger the worst-case super-linear matching time of …
Improving developers' understanding of regex denial of service tools through anti-patterns and fix strategies
Regular expressions are used for diverse purposes, including input validation and firewalls.
Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular …