Executable Regular Expression Error
|ID: 624||Date: (C)2012-05-14 (M)2012-11-08|
|Type: weakness||Status: INCOMPLETE|
|Abstraction Type: Base|
The product uses a regular expression that either (1) contains
an executable component with user-controlled inputs, or (2) allows a user to
enable execution by inserting pattern modifiers.
Extended Description
Case (2) is possible in the PHP preg_replace() function, and possibly in
other languages when a user-controlled input is inserted into a string that
is later parsed as a regular expression.
Applicable Platforms
Language: PHP
Language: Perl
Time Of Introduction
|Implementation|
Common Consequences
|Scope ||Effect|
|Confidentiality, Integrity, Availability ||Execute unauthorized code or commands|
Potential Mitigations
|The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \Q and \E in Perl.|
Relationships
|Nature ||Target ||Type ||View|
|ChildOf ||CWE-896 ||Category ||CWE-888|
Observed Examples
- CVE-2006-2059 : executable regexp in PHP by inserting "e" modifier into first argument to preg_replace
- CVE-2005-3420 : executable regexp in PHP by inserting "e" modifier into first argument to preg_replace
- CVE-2006-2878, CVE-2006-2908 : complex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the "/e" modifier
For more examples, refer to CVE relations in the bottom box.
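The following is an added PHP example, not part of the CWE entry, illustrating the mitigation above: user text is escaped with preg_quote() (the PHP counterpart of Perl's \Q...\E) and confined to a fixed delimiter and an allow-listed set of modifiers, and the replacement is computed by a callback rather than evaluated as code. The function names, the allow-list and the sample input are assumptions made for this illustration.

```php
<?php
// Added example (not from the CWE entry). Hypothetical helper that builds a
// pattern from user-supplied text without letting that text alter the regex
// structure or its modifiers.
function build_safe_pattern(string $userText, string $userFlags = ''): string
{
    // preg_quote() escapes regex metacharacters and the chosen delimiter, so
    // the user text is matched literally (compare Perl's \Q and \E).
    $body = preg_quote($userText, '/');

    // Only allow-listed modifiers survive; 'e' and anything unknown is dropped.
    $allowed = ['i', 'm', 's', 'u', 'x'];
    $flags = implode('', array_intersect(str_split($userFlags), $allowed));

    return '/' . $body . '/' . $flags;
}

// Shape of the weakness described in the entry, shown for contrast only:
// raw input is concatenated into the pattern, so the input can supply the
// closing delimiter and its own modifiers.
function vulnerable_replace(string $userPattern, string $subject): string
{
    return preg_replace('/' . $userPattern . '/', 'X', $subject);
}

// Hardened equivalent: the pattern is built from an escaped literal and the
// replacement is ordinary PHP code in a callback, never an evaluated string.
function safe_replace(string $userText, string $userFlags, string $subject): string
{
    $pattern = build_safe_pattern($userText, $userFlags);
    return preg_replace_callback($pattern, fn(array $m) => strtoupper($m[0]), $subject);
}

// Constructed sample input: text containing the delimiter character followed
// by modifier letters, which the hardened builder neutralises.
$sample = 'foo/ie';
var_dump(build_safe_pattern($sample, 'ie'));                 // "/foo\/ie/i"
var_dump(safe_replace($sample, 'i', 'FOO/IE and foo/ie'));   // "FOO/IE and FOO/IE"
```

The "e" modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so on current PHP a pattern carrying it is rejected at compile time; the escaping and allow-listing above still matter because user-controlled delimiters and remaining modifiers change what the pattern matches.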
White Box Definitions None
Black Box Definitions None