CVE-2022-24713 – Regular expression denial of service in Rust's regex crate

https://notcve.org/view.php?id=CVE-2022-24713

08 Mar 2022 — regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time ... • https://github.com/ItzSwirlz/CVE-2022-24713-POC • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •