PT-2023-19951 · Formula · Formula

Marsuppu

Published

2023-02-08

Updated

2023-02-16

CVE-2023-25166

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions formula versions prior to 3.0.1

Description The issue arises when crafted user-provided strings are parsed by the formula parser, potentially leading to polynomial execution time and a denial of service. There are no known workarounds for this issue.

Recommendations For versions prior to 3.0.1, users should upgrade to 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the input to the formula parser to minimize the risk of exploitation.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333

Related Identifiers

CVE-2023-25166

GHSA-C2JC-4FPR-4VHG

Affected Products

Formula

PT-2023-19951 · Formula · Formula

CVE-2023-25166

Weakness Enumeration

Related Identifiers

Affected Products

References · 8