PT-2019-15217 · Csv Parse · Csv-Parse

Published: 2019-10-14 · Updated: 2022-01-01 · CVE-2019-17592

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

csv-parse versions prior to 4.4.6

Description

The issue is a Regular Expression Denial of Service (ReDoS) in the isInt() function, which contains a malformed regular expression. When the cast option is used, this function processes large crafted input very slowly, leading to a Denial of Service.

Recommendations

Upgrade to version 4.4.6 or later. As a temporary workaround, consider avoiding the use of the cast option until the issue is resolved.
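
One way to apply the workaround, as an added example that is not csv-parse's own code: leave cast off so fields arrive as strings, then convert them with an integer check that looks at each character once and refuses oversized fields. The names `isIntLinear`, `castField`, `castRecords`, `MAX_FIELD_LEN` and the sample records are assumptions constructed for this illustration.

```javascript
// Added illustration; not code from csv-parse. All names here are hypothetical.
const MAX_FIELD_LEN = 32; // assumed cap: a safe integer needs at most 16 digits plus a sign

// Integer test that visits each character at most once, so its cost is bounded
// by the field length and it cannot backtrack the way a regular expression can.
function isIntLinear(s) {
  if (typeof s !== 'string' || s.length === 0 || s.length > MAX_FIELD_LEN) return false;
  let i = (s[0] === '-' || s[0] === '+') ? 1 : 0;
  if (i === s.length) return false;                    // a lone sign is not a number
  if (s.length - i > 1 && s[i] === '0') return false;  // keep "007"-style codes as text
  for (; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c < 48 || c > 57) return false;                // anything but ASCII 0-9
  }
  return true;
}

// Convert a field only when it is an integer that Number represents exactly;
// everything else stays the string the parser produced.
function castField(s) {
  if (!isIntLinear(s)) return s;
  const n = Number(s);
  return Number.isSafeInteger(n) ? n : s;
}

// Records as a CSV parser yields them with casting disabled: arrays of strings.
function castRecords(records) {
  return records.map((rec) => rec.map(castField));
}

// Constructed sample input. The last field is very large, standing in for the
// "large crafted input" named in the description.
const sample = [
  ['id', 'qty', 'note'],
  ['17', '-4', 'ok'],
  ['+', '007', '1'.repeat(200000) + 'x'],
];

// Cast the sample and report how long it took.
function demo() {
  const start = Date.now();
  const out = castRecords(sample);
  return { out, ms: Date.now() - start };
}

console.log(JSON.stringify(demo().out.slice(0, 2)));
```
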

Fix

RCE

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2019-17592
GHSA-582F-P4PG-XC74

Affected Products

Csv-Parse