CVE-2025-58451
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity
描述
### Overview A security review of the Cattown identified multiple weaknesses that could potentially impact its stability and security. ### Affected Versions - All versions below 1.0.2 ### Description of Vulnerabilities 1. CWE-1333: Inefficient Regular Expression Complexity The package used regular expressions with inefficient, potentially exponential worst-case complexity. This can cause excessive CPU usage due to excessive backtracking on crafted inputs, potentially leading to denial of service. 2. CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion) The package was vulnerable to resource exhaustion, where processing malicious inputs could cause high CPU or memory usage, potentially leading to denial of service. ### Impact - Trigger excessive CPU consumption leading to denial of service - Cause resource exhaustion affecting service availability - Bypass protection mechanisms causing unexpected or insecure behavior ### Resolution These vulnerabilities have been fixed in version 1.0.2 of the Cattown. Users are strongly encouraged to upgrade to this version to mitigate the risks. ### Recommendations - Upgrade to Cattown version 1.0.2 or later as soon as possible. - Review and restrict input sources if untrusted inputs are processed. ### Acknowledgments The issues were proactively identified through CodeQL static analysis.
如何修補 CVE-2025-58451
要修補 CVE-2025-58451,請將受影響套件升級到下列已修補版本。
- —升級至 1.0.2 或更新版本
CVE-2025-58451 正在被利用嗎?
低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 1.0.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |