PT-2022-20526 · Rulex · Rulex

Evanrichter · Published 2022-05-21 · Updated 2022-07-11 · CVE-2022-31099

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: rulex versions prior to 0.4.3

Description: The issue arises when parsing untrusted rulex expressions. An expression with several hundred levels of nesting drives the parser's recursion deep enough to overflow the stack, and the process aborts immediately. This is a security concern for services that parse untrusted rulex expressions: a single such expression makes the service unavailable (Denial of Service) when the process running rulex aborts due to the stack overflow.

Recommendations: For versions prior to 0.4.3, update to version 0.4.3, which resolves the issue. Until the update can be applied, do not pass untrusted rulex expressions to the parser; there is no other known workaround.
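The defensive pattern behind this class of bug is an explicit nesting limit checked before each recursive call, so an over-nested input is rejected with an error instead of consuming stack until the process aborts. The following is an added example, not rulex's own parser or its fix: it parses a toy grammar of literals and parenthesised groups, and the limit `MAX_DEPTH = 256` is an assumed value chosen for illustration (the advisory states no specific limit).

```rust
// Added example (not rulex's own code): a minimal recursive-descent parser for
// nested groups that enforces an explicit nesting limit, so deeply nested
// untrusted input yields an error rather than exhausting the stack.

/// Maximum nesting depth accepted before parsing is refused.
/// Assumed value for this example; the advisory names no specific limit.
pub const MAX_DEPTH: usize = 256;

#[derive(Debug, PartialEq)]
pub enum Node {
    Literal(char),
    Group(Vec<Node>),
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// Nesting exceeded MAX_DEPTH; the input was refused before recursing further.
    TooDeep { limit: usize },
    /// Parentheses do not balance.
    Unbalanced,
}

struct Parser<'a> {
    chars: std::iter::Peekable<std::str::Chars<'a>>,
}

impl<'a> Parser<'a> {
    fn new(input: &'a str) -> Self {
        Parser { chars: input.chars().peekable() }
    }

    /// Parses a sequence of items until a closing ')' or end of input.
    /// `depth` is the number of groups currently open around this sequence.
    fn parse_seq(&mut self, depth: usize) -> Result<Vec<Node>, ParseError> {
        let mut items = Vec::new();
        while let Some(&c) = self.chars.peek() {
            match c {
                '(' => {
                    self.chars.next();
                    // Check the limit *before* recursing: this bounds the number of
                    // parser frames on the stack regardless of input length.
                    if depth + 1 > MAX_DEPTH {
                        return Err(ParseError::TooDeep { limit: MAX_DEPTH });
                    }
                    let inner = self.parse_seq(depth + 1)?;
                    match self.chars.next() {
                        Some(')') => items.push(Node::Group(inner)),
                        _ => return Err(ParseError::Unbalanced),
                    }
                }
                ')' => break, // let the enclosing group consume it
                _ => {
                    self.chars.next();
                    items.push(Node::Literal(c));
                }
            }
        }
        Ok(items)
    }
}

/// Parses `input` into a list of nodes, refusing inputs nested deeper than MAX_DEPTH.
pub fn parse(input: &str) -> Result<Vec<Node>, ParseError> {
    let mut p = Parser::new(input);
    let nodes = p.parse_seq(0)?;
    if p.chars.next().is_some() {
        // Only a stray ')' can remain at top level.
        return Err(ParseError::Unbalanced);
    }
    Ok(nodes)
}

/// Deepest group nesting in a parsed tree (the tree is already bounded by MAX_DEPTH).
pub fn max_depth(nodes: &[Node]) -> usize {
    nodes
        .iter()
        .map(|n| match n {
            Node::Literal(_) => 0,
            Node::Group(inner) => 1 + max_depth(inner),
        })
        .max()
        .unwrap_or(0)
}

fn main() {
    // Constructed sample inputs: a shallow expression and one nested past the limit.
    println!("{:?}", parse("(a(b)c)"));
    let deep = format!("{}x{}", "(".repeat(MAX_DEPTH + 1), ")".repeat(MAX_DEPTH + 1));
    println!("{:?}", parse(&deep));
}
```

The check sits at the single point where the parser recurses, which is why it is cheap to audit: any input with more than `MAX_DEPTH` open groups returns `ParseError::TooDeep` from a bounded number of frames, and the caller can reject the request instead of the whole process aborting.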

Weakness Enumeration

Uncontrolled Recursion

Related Identifiers

CVE-2022-31099
GHSA-V78M-2Q7V-FJQP
RUSTSEC-2022-0030

Affected Products

Rulex