CVE-2022-24713 PoC: Github regex resource management error vulnerability

Source
Associated Vulnerability
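Title: Github regex resource management error vulnerability (CVE-2022-24713)
Description: Github regex is a Rust library for parsing, compiling and executing regular expressions. regex contains a security vulnerability that stems from denial-of-service attacks caused by untrusted regexes, or by untrusted input matched by trusted regexes.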
Description
Proof of Concept/Test for CVE-2022-24713 on Ubuntu
Readme
# POC of CVE-2022-24713 on Ubuntu
Install the current rust-regex package on Ubuntu.

Then, clone this repo.

Then, run cargo build.

The regex dependency is set to the /usr/share/cargo/registry folder, so there
will be no dependency issues.

If the compilation takes an absurdly long time, that is the denial of
service tracked as CVE-2022-24713.

If it does not, the package has been patched (https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e).
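
A bounded way to run the timing check above, so that a hanging run is cut off and a failed build or run is not misread as "patched". This is an added example, not part of the original repository; it assumes the coreutils `timeout` command, and the time limit and the command you pass in are your own choices.

```shell
#!/bin/sh
# Added example: bounded-run harness for the README's timing check.
# Assumptions: coreutils `timeout` is installed; the limit and the command
# to run (for example the binary that cargo produced) are supplied by you.

# classify_run LIMIT_SECONDS CMD [ARGS...]
# Prints exactly one verdict line:
#   TIMEOUT              still running at the limit (README: unpatched)
#   COMPLETED <seconds>  exited 0 within the limit (README: patched)
#   INCONCLUSIVE status=N  non-zero exit for some other reason, e.g. a
#                          build error or a panic; inspect the output
classify_run() {
    limit=$1; shift
    status=0
    start=$(date +%s)
    # -k 2: follow SIGTERM with SIGKILL after 2 s if the process lingers.
    # "|| status=$?" keeps a non-zero exit from aborting under `set -e`.
    timeout -k 2 "$limit" "$@" >/dev/null 2>&1 || status=$?
    elapsed=$(( $(date +%s) - start ))
    case $status in
        0)       echo "COMPLETED ${elapsed}" ;;
        124|137) echo "TIMEOUT" ;;   # 124 = timed out, 137 = had to SIGKILL
        *)       echo "INCONCLUSIVE status=${status}" ;;
    esac
}

# Stand-alone use: sh bounded_run.sh <limit-seconds> <command> [args...]
if [ "$#" -ge 2 ]; then
    classify_run "$@"
fi
```

Pick a limit well above the normal run time on a patched system, so that a slow machine is not reported as `TIMEOUT`.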
File Snapshot

[4.0K] /data/pocs/54360050ecd1b9c009ae8859865328eaff17e2fb
├── [ 922] Cargo.lock
├── [ 265] Cargo.toml
├── [ 482] README.md
└── [4.0K] src
    └── [ 78] main.rs

1 directory, 4 files