PT-2022-20527 · Rulex · Rulex

Evan Richter · Published 2022-05-21 · Updated 2022-07-11 · CVE-2022-31100

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: rulex versions prior to 0.4.3

Description: When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash: rulex slices the input at a byte offset that falls inside the code point, which is not a char boundary, so the slice panics. This is a security concern for services that parse untrusted rulex expressions and become unavailable when the thread running rulex panics.

Recommendations: Update to version 0.4.3 to fix the issue. As a temporary workaround, run the parser inside std::panic::catch_unwind to recover from panics, or otherwise assume that parsing an untrusted expression may panic and add logic to catch the panic. Note that catch_unwind only helps with the default panic = "unwind" strategy; a binary built with panic = "abort" terminates the whole process before anything can catch it.
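To make the failure mode in the Description and the workaround in the Recommendations concrete, here is an added example that is not part of the advisory or of rulex's own code. It uses a hypothetical one-byte scanner (`first_char_after_prefix_buggy`) to reproduce the same class of panic, a boundary-aware version (`first_char_after_prefix_fixed`) of the kind the 0.4.3 fix would need, and a `catch_unwind` wrapper (`parse_guarded`) for the temporary workaround. The inputs `LITERAL_INPUT` and `ESCAPE_INPUT` are constructed for this example.

```rust
use std::panic::{self, AssertUnwindSafe};

// Constructed inputs (not from the advisory): a string literal and a backslash
// escape that each contain the two-byte code point U+00E9 ('é').
pub const LITERAL_INPUT: &str = "\"é\"";
pub const ESCAPE_INPUT: &str = "\\é";

/// Illustrative buggy scanner (hypothetical, not rulex's code). After the
/// opening quote or the backslash it takes "one character" as one byte with
/// `&rest[..1]`. On ASCII that is harmless; on 'é' byte offset 1 lies inside
/// the code point, it is not a char boundary, and `str` indexing panics.
pub fn first_char_after_prefix_buggy(input: &str) -> &str {
    let rest = &input[1..]; // skip the '"' or '\\' (both single-byte ASCII)
    &rest[..1] // panics with "byte index 1 is not a char boundary" on 'é'
}

/// Hardened form: read the next `char` and slice by its real UTF-8 length.
/// `str::get` returns `None` instead of panicking on a bad boundary, so an
/// unexpected input degrades to a parse error rather than a crash.
pub fn first_char_after_prefix_fixed(input: &str) -> Option<&str> {
    let rest = input.get(1..)?;
    let c = rest.chars().next()?;
    rest.get(..c.len_utf8())
}

/// The advisory's temporary workaround: run the parser inside
/// `std::panic::catch_unwind` so a panic surfaces as `Err` instead of killing
/// the thread. This only works with the default `panic = "unwind"` strategy;
/// with `panic = "abort"` the process dies before anything can catch it.
pub fn parse_guarded<F, T>(parse: F) -> Result<T, String>
where
    F: FnOnce() -> T,
{
    panic::catch_unwind(AssertUnwindSafe(parse)).map_err(|payload| {
        payload
            .downcast_ref::<&str>()
            .map(|s| s.to_string())
            .or_else(|| payload.downcast_ref::<String>().cloned())
            .unwrap_or_else(|| "non-string panic payload".to_string())
    })
}

fn main() {
    for input in [LITERAL_INPUT, ESCAPE_INPUT, "\"a\""] {
        match parse_guarded(|| first_char_after_prefix_buggy(input).to_string()) {
            Ok(c) => println!("buggy {input:?} -> {c:?}"),
            Err(e) => println!("buggy {input:?} -> panicked: {e}"),
        }
        println!("fixed {input:?} -> {:?}", first_char_after_prefix_fixed(input));
    }
}
```

The wrapper is a stop-gap, not a fix: it keeps the service thread alive, but any state the parser touched mid-panic should be treated as discarded, and the real remedy remains upgrading to 0.4.3 so the parser never indexes inside a code point.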

Weakness Enumeration

Assertion Failure

Related Identifiers

CVE-2022-31100
GHSA-8V9W-P43C-R885
RUSTSEC-2022-0031

Affected Products

Rulex