How severe is CVE-2022-31099?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-31099?

This is classified as CWE-674, which is a common weakness in software security.

CVE-2022-31099 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2017-0886

MEDIUM

CVSS:6.5(Medium)

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the applicati...

CWE-6742017

CVE-2017-10910

MEDIUM

CVSS:6.5(Medium)

MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.

CWE-6742017

CVE-2017-16419

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. Th...

CWE-6742017

CVE-2018-0739

MEDIUM

CVSS:6.5(Medium)

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of S...

CWE-6742018

CVE-2018-1158

MEDIUM

CVSS:6.5(Medium)

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.

CWE-6742018

CVE-2018-20821

MEDIUM

CVSS:6.5(Medium)

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

CWE-6742018