7.5 - CVE-2023-45813

Executive Summary

Informations
Name	CVE-2023-45813	First vendor Publication	2023-10-18
Vendor	Cve	Last vendor Modification	2023-10-30

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score	7.5
Base Score	7.5	Environmental Score	7.5
impact SubScore	3.6	Temporal Score	7.5
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	None
Integrity Impact	None	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45813

CPE : Common Platform Enumeration

Type	Description	Count
Application	Torbot Project Torbot cpe:2.3:a:torbot_project:torbot::::::::	1
Application	Validators Project Validators cpe:2.3:a:validators_project:validators:0.20.0:::::python:: cpe:2.3:a:validators_project:validators:0.11.0:::::python::	2

Sources (Detail)

Source	Url
MISC	https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550... https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff