PT-2021-5798 · Unknown+8 · Ansi-Regex+8

Published

2021-09-09

·

Updated

2025-11-18

·

CVE-2021-3807

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions ansi-regex (affected versions not specified)
Description The issue is related to Inefficient Regular Expression Complexity, which could lead to a denial of service when parsing invalid ANSI escape codes. This can be exploited by a remote attacker to cause a denial of service. The vulnerability is mainly due to the sub-patterns [[]()#;?]* and (?:;[-a-zA-Zd/#&.:=?%@~ ]*)*.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333CWE-697CWE-400

Related Identifiers

ALSA-2021:5171
ALSA-2022:0350
ALSA-2022:6595
BDU:2022-00256
CESA-2021_5171
CESA-2022_0350
CESA-2022_6449
CVE-2021-3807
GHSA-93Q8-GQ69-WQMW
OPENSUSE-SU-2022:0657-1
OPENSUSE-SU-2022:0704-1
OPENSUSE-SU-2022:0715-1
OPENSUSE-SU-2022_0657-1
OPENSUSE-SU-2022_0704-1
OPENSUSE-SU-2022_0715-1
OPENSUSE-SU-2022_1717-1
OPENSUSE-SU-2024:12723-1
RHSA-2021:5171
RHSA-2021_5171
RHSA-2022:0041
RHSA-2022:0246
RHSA-2022:0350
RHSA-2022:4711
RHSA-2022:5555
RHSA-2022:6449
RHSA-2022:6595
RHSA-2022_0350
RHSA-2022_6449
RHSA-2022_6595
RLSA-2021:5171
RLSA-2022:0350
RLSA-2022:6449
RLSA-2022:6595
SUSE-RU-2024:0511-1
SUSE-SU-2022:0531-1
SUSE-SU-2022:0563-1
SUSE-SU-2022:0569-1
SUSE-SU-2022:0570-1
SUSE-SU-2022:0657-1
SUSE-SU-2022:0704-1
SUSE-SU-2022:0715-1
SUSE-SU-2022:1717-1
SUSE-SU-2022_1717-1
SUSE-SU-2023:2575-1
SUSE-SU-2023:2578-1
SUSE-SU-2023:2579-1
SUSE-SU-2024:0191-1
SUSE-SU-2024:0196-1
SUSE-SU-2024:0486-1
SUSE-SU-2024:0487-1

Affected Products

Almalinux
Astra Linux
Bitbucket
Centos
Red Hat
Red Os
Rocky Linux
Suse
Ansi-Regex