PT-2017-7393 · Ms · Ms

Published: 2017-01-23 · Updated: 2024-08-01 · CVE-2015-8315

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: ms versions prior to 0.7.1

Description: The issue allows attackers to cause a denial of service (CPU consumption) via a long version string, also known as a "regular expression denial of service (ReDoS)". This occurs when extremely long version strings are parsed. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For versions prior to 0.7.1, update to version 0.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the input to the ms function to prevent extremely long version strings from being parsed. Avoid using the ms function with untrusted input until the issue is resolved.
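
One way to apply the temporary workaround, as an added example that is not code from the ms project or from this advisory: a wrapper that rejects non-string and over-long input before the parser runs. The names `guardDurationParser`, `MAX_DURATION_LENGTH` (with its limit of 100 characters) and `standInParse` are hypothetical; in real use, pass the function exported by the `ms` package instead of the stand-in.

```javascript
'use strict';

// Hypothetical limit: legitimate inputs such as "2 days" or "1.5h" are short.
const MAX_DURATION_LENGTH = 100;

// Wraps a duration parser (for example the function exported by `ms`) so that
// untrusted input is type- and length-checked before the parser ever sees it.
function guardDurationParser(parse, maxLength = MAX_DURATION_LENGTH) {
  if (typeof parse !== 'function') {
    throw new TypeError('parse must be a function');
  }
  return function guardedParse(input) {
    // Only strings take the string-parsing path; reject everything else.
    if (typeof input !== 'string') {
      return { ok: false, reason: 'not-a-string' };
    }
    // The length check is O(1) and runs before any pattern matching.
    if (input.length > maxLength) {
      return { ok: false, reason: 'too-long' };
    }
    const value = parse(input);
    if (typeof value !== 'number' || !Number.isFinite(value)) {
      return { ok: false, reason: 'unparseable' };
    }
    return { ok: true, value };
  };
}

// Constructed stand-in for the real parser so the example runs offline.
// It understands only "<number><unit>" with units s, m and h.
function standInParse(str) {
  const units = { s: 1000, m: 60000, h: 3600000 };
  const unit = str.slice(-1);
  const n = Number(str.slice(0, -1));
  if (!(unit in units) || str.length < 2 || Number.isNaN(n)) return undefined;
  return n * units[unit];
}

const safeMs = guardDurationParser(standInParse);
```

The guard is a stopgap for deployments that cannot upgrade yet; updating to 0.7.1 or later remains the fix the advisory recommends.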

Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2015-8315
GHSA-3FX5-FWVR-XRJG

Affected Products

Ms