REGEX DOS (ReDoS)

Feature Value
Type Protection
Risk Other
Covered by Agent

The regular expression denial of service (ReDoS)[1] is an algorithmic complexity attack that produces a denial-of-service by providing a regular expression that takes a very long time to evaluate. The attack exploits the fact that most regular expression implementations have exponential time complexity in the worst case: the time taken can grow exponentially in relation to input size. An attacker can thus cause a program to spend an unbounded amount of time processing by providing such a regular expression, making it either slow down or become unresponsive.
Hdiv Agent protects against the DoS caused by such long-running expressions.

More information