| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.powsybl:powsybl-iidm-criteria | maven | >= 6.3.0, <= 6.7.1 | 6.7.2 |
| com.powsybl:powsybl-contingency-api | maven | >= 5.0.0, < 6.3.0 | 6.3.0 |
The vulnerability is a classic case of Regular Expression Denial of Service (ReDoS) within the com.powsybl.iidm.criteria.RegexCriterion class. The core of the issue is the use of java.util.regex.Pattern, which is known to have performance issues with certain types of complex or malicious regular expressions, specifically those that can cause catastrophic backtracking.
The analysis of the provided information, particularly the patch details, points to two key functions involved in the vulnerability:
com.powsybl.iidm.criteria.RegexCriterion.RegexCriterion(String regex): This is the constructor for the class. It serves as the entry point for the vulnerability because it accepts a user-provided string and compiles it into a Pattern object. An attacker would supply a malicious regex pattern at this stage.
com.powsybl.iidm.criteria.RegexCriterion.filter(Identifiable identifiable, IdentifiableType type): This method takes the compiled regex and attempts to match it against the ID of an Identifiable object. If both the regex and the ID are crafted by an attacker, this operation can trigger the ReDoS condition, causing the application to hang or crash due to excessive CPU usage.
The patch addresses the vulnerability by replacing the standard Java regex library with Google's RE2/J library (com.google.re2j.Pattern). RE2/J is designed to execute regular expressions in linear time, thus preventing the possibility of catastrophic backtracking and mitigating the ReDoS risk. The change is clearly visible in the diff, where the import for java.util.regex.Pattern is removed and replaced with com.google.re2j.Pattern.
Therefore, any runtime profile during an exploit of this vulnerability would show significant time spent within the RegexCriterion.filter method, which was initiated by the creation of a RegexCriterion object with a malicious pattern.
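To make the engine swap described above concrete, here is an added example (not PowSyBl code) with a minimal id filter in the shape of RegexCriterion.filter built twice, once on java.util.regex and once on com.google.re2j, plus a timing harness on a constructed input. It assumes the filter uses matches() and that com.google.re2j:re2j is on the classpath.

```java
import java.util.function.Predicate;

// Added example, not part of PowSyBl: compares the pre-patch and post-patch
// regex engines behind a RegexCriterion-style id filter. Requires the Maven
// artifact com.google.re2j:re2j on the classpath.
public class RegexEngineComparison {

    // Pre-patch shape: a backtracking engine compiles the user-supplied regex.
    static Predicate<String> jdkFilter(String regex) {
        java.util.regex.Pattern p = java.util.regex.Pattern.compile(regex);
        return id -> p.matcher(id).matches();   // matches() is an assumption
    }

    // Post-patch shape: RE2/J guarantees linear time in the input length.
    // Caveat for migrations: RE2 syntax has no backreferences or lookaround,
    // so such regexes now fail at compile time with PatternSyntaxException
    // instead of being accepted.
    static Predicate<String> re2jFilter(String regex) {
        com.google.re2j.Pattern p = com.google.re2j.Pattern.compile(regex);
        return id -> p.matcher(id).matches();
    }

    // Wall-clock time of a single filter call, in milliseconds.
    static long timeMillis(Predicate<String> filter, String id) {
        long start = System.nanoTime();
        filter.test(id);
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) {
        // Constructed inputs: the textbook nested-quantifier pattern and an id
        // that almost matches, which forces a backtracking engine to try every
        // way of splitting the run of 'a's before it can report "no match".
        String regex = "^(a+)+$";
        String id = "a".repeat(26) + "!";

        System.out.println("RE2/J:           " + timeMillis(re2jFilter(regex), id) + " ms");
        System.out.println("java.util.regex: " + timeMillis(jdkFilter(regex), id) + " ms");
    }
}
```

Increasing the count of 'a's by one roughly doubles the java.util.regex time while leaving the RE2/J time flat, which is the property the patch relies on; a CPU profile of the slow run lands in the filter's matcher call, as the paragraph above describes.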