Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-27704 PoC — Void Tools 安全漏洞

Source
https://github.com/happy0717/CVE-2023-27704
Associated Vulnerability
Title:Void Tools 安全漏洞 (CVE-2023-27704)
Description:Void Tools是Void Tools公司的一个桌面搜索引擎。 Void Tools v1.4.1.1022之前版本存在安全漏洞。攻击者利用该漏洞执行正则表达式拒绝服务攻击。
Description
CVE-2023-27704 Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS)
Readme
# CVE-2023-27704
CVE-2023-27704 Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS)

fix at Everything 1.5 alpha


![image](https://github.com/happy0717/CVE-2023-27704/blob/main/fix.png)



[Suggested description]
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).

------------------------------------------

[Additional Information]
I put the detailed reproduction process in this link:
https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing

------------------------------------------

[VulnerabilityType Other]
Regular expression Denial of Service

------------------------------------------

[Vendor of Product]
https://www.voidtools.com/

------------------------------------------

[Affected Product Code Base]
Everything - lower than 1.4.1.1022 (x64)

------------------------------------------

[Affected Component]
Everything installed version lower than 1.4.1.1022 (x64)

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
I discovered a ReDos vulnerability in everything Version 1.4.1.1015 (x64)

The ReDos vulnerability trigger is roughly like this,"^([\w]+)+$"


Recurrence process:
1.Enable the regex function of everything

2.Insert  regex statements that can lead to ReDos in the search box

Then you can see in the task manager that the CPU usage is very high can reach more than 90%, and everything is not responding



I put the detailed reproduction process in this link:
https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing

------------------------------------------

[Reference]
https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing
https://www.voidtools.com/en-us/downloads/

------------------------------------------

[Discoverer]
happy0717
File Snapshot

 [4.0K]  /data/pocs/a552d2d171ccd2dfbfdec3a6b5072abf340c7c65
├── [ 61K]  fix.png
└── [2.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.