| Title | pygments <=2.19.2 Denial of Service |
|---|---|
| Description | A Regular Expression Denial of Service (ReDoS) vulnerability exists in the pygments project at `pygments/lexers/archetype.py` (line 296). The regex pattern `(\d\|[a-fA-F])+(-(\d\|[a-fA-F])+){3,}` designed for GUID matching contains nested repeating quantifiers, leading to catastrophic backtracking when processing partially matching malicious input. This results in severe performance degradation and can block the application thread indefinitely with sufficiently large input, complying with CWE-1333 (Inefficient Regular Expression Complexity). More details: https://github.com/pygments/pygments/issues/3058 |
| Source | ⚠️ https://github.com/pygments/pygments/issues/3058 |
| User | ybdesire (UID 83239) |
| Submission | 07.03.2026 13:06 (2 months ago) |
| Moderation | 21.03.2026 10:10 (14 days later) |
| Status | Accepted |
| VulDB entry | 352327 [pygments up to 2.19.2 archetype.py AdlLexer Denial of Service] |
| Points | 20 |