Project

General

Profile

Actions
Copy link

Bug #5260

closed

rust: update regex dependency

Added by Victor Julien over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
7.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Crate:         regex
Version:       1.4.6
Title:         Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:          2022-03-08
ID:            RUSTSEC-2022-0013
URL:           https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:      Upgrade to >=1.5.5
Dependency tree: 
regex 1.4.6
└── suricata 7.0.0-dev

Related issues 1 (0 open1 closed)

Has duplicate Suricata - Security #5187: Rust regex crate security advisory CVE-2022-24713ClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Jason Ish over 2 years ago

RustSec advisory for regex: https://rustsec.org/advisories/RUSTSEC-2022-0013

Its important to note that Suricata does not use untrusted regular expressiosn so Suricata is not affected by this issue.

Actions
Copy link
 #2

Updated by Victor Julien over 2 years ago

  • Status changed from Assigned to Closed
  • Target version changed from TBD to 7.0.0-beta1
Actions
Copy link
 #3

Updated by Victor Julien over 2 years ago

  • Has duplicate Security #5187: Rust regex crate security advisory CVE-2022-24713 added
Actions
Copy link

Also available in: Atom PDF