- load without any analysis (file header at offset 0x0):
r2 -n /path/to/file
- analyze all:
aa
- show sections:
iS
- list functions:
afl
- list imports:
ii
- list entrypoints:
ie
- seek to function:
s sym.main
Product: https://www.npmjs.com/package/s3-url-parser
Version: 1.0.3
Vulnerability type: Denial of Service
CVE ID: CVE-2024-25355
The regexes defined on lines 7, 17 and 27 inside https://github.com/AntonioRecaldeRusso/s3-url-parser/blob/master/index.js
are vulnerable to regex denial of service when a long input is provided, resulting in a crash.
I've managed to reproduce it with this code:
import s3ParseUrl from 's3-url-parser';
Product: https://www.npmjs.com/package/domain-suffix
Version: 1.0.8
Vulnerability type: Denial of Service
CVE ID: CVE-2024-25354
The regex defined on line 28 inside https://github.com/ikrong/domain-suffix/blob/master/src/domainSuffix.ts
is vulnerable to Regex Denial of Service. When a long string without a "/" character is provided to the application,
the parse function will be stuck for an indefinite amount of time, in this case 10 seconds, but this can be
amplified if more characters are added.
PoC code:
A regex defined on line 1 inside https://github.com/alanclarke/urlite/blob/master/lib/pattern.js in the npm package "Urlite"
(https://www.npmjs.com/package/urlite) is vulnerable to Regex Denial of Service when a long malicious input is
provided to the application that parses a URL. When a malicious payload is provided to the parsing
function, the application will hang for an indefinite amount of time, causing Denial of Service.
If more requests are sent using the same payload, it can result in a
Distributed Denial of Service, potentially rendering the service unavailable.
Payload that was used:
var payload = '//:' + '\t:\t'.repeat(90000) + '\t';
[NAME OF AFFECTED PRODUCT(S)]
- https://pkg.go.dev/github.com/whilp/git-urls v1.0.0
[AFFECTED AND/OR FIXED VERSION(S)]
- v1.0.0
- Status: not fixed
[VULNERABILITY]
The regex on line 10 inside https://github.com/teomantuncer/node-email-check/blob/main/main.js is vulnerable to a Regex Denial of Service
if a malicious string is provided, causing the application using the package to hang.
Proof of concept code to test it:
const emailCheck = require('node-email-check');
// async request with mx check
//await emailCheck.isValid('example@email.com');
// sync request without mx check
Regex Denial of Service in the urlnorm package on https://crates.io/crates/urlnorm
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs.
The regex defined on line 37 in https://github.com/progscrape/urlnorm/blob/main/src/lib.rs, used for trimming .html and other
extensions when normalizing the URL, is vulnerable to a Regex Denial of Service when malicious input is provided.
PoC code:
'''
use url::Url;