Executable Regular Expression Error | ID: 624 | Date: (C) 2012-05-14 (M) 2022-10-10
Type: weakness | Status: INCOMPLETE
Abstraction Type: Base
Description
The product uses a regular expression that either (1) contains
an executable component with user-controlled inputs, or (2) allows a user to
enable execution by inserting pattern modifiers.
Extended Description
Case (2) is possible in the PHP preg_replace() function, and possibly in
other languages when a user-controlled input is inserted into a string that
is later parsed as a regular expression.
Applicable Platforms
Language: PHP
Language: Perl
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes
---|---|---
Confidentiality, Integrity, Availability | Execute unauthorized code or commands |
Detection Methods
None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes
---|---|---|---|---
Implementation | | The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \Q and \E in Perl. | |
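The mechanism in the description and the quoting mitigation above, as an added example in PHP (not code from the CWE entry or from any referenced CVE): the function names are hypothetical, and the hardened form assumes PHP 8 for preg_last_error_msg().

```php
<?php
// Added example, not code from the CWE entry: a search-and-highlight helper that builds
// a preg_replace() pattern from request input. Function names are hypothetical; assumes
// PHP 8 for preg_last_error_msg().

// Vulnerable form. The term is concatenated straight into the pattern. The delimiter is
// '/', so a term containing "/" terminates the pattern early and whatever follows is read
// as modifiers. On PHP < 7.0 that includes "e", under which preg_replace() evaluates the
// replacement string as PHP code (CWE-624); on every version the term can still inject
// arbitrary regex syntax.
function highlight_vulnerable(string $term, string $text): string
{
    return (string) preg_replace('/' . $term . '/i', '<b>$0</b>', $text);
}

// Hardened form. preg_quote() escapes every regex metacharacter and, given the delimiter
// as its second argument, the delimiter itself, so the term is matched literally and can
// neither close the pattern nor append modifiers. The only modifier is the one the code
// sets.
function build_safe_pattern(string $term): string
{
    return '/' . preg_quote($term, '/') . '/i';
}

function highlight_safe(string $term, string $text): string
{
    $result = preg_replace(build_safe_pattern($term), '<b>$0</b>', $text);
    // preg_replace() returns null on a PCRE error (malformed pattern, backtrack limit);
    // fail loudly instead of silently returning an empty string.
    if ($result === null) {
        throw new RuntimeException('regex failure: ' . preg_last_error_msg());
    }
    return $result;
}

// Constructed input: a term that would close the pattern early in the vulnerable form
// is matched as the literal text "foo/e" by the hardened one.
$term = 'foo/e';
$text = 'foo bar foo/e baz';
echo build_safe_pattern($term), "\n";
echo highlight_safe($term, $text), "\n";
```

Since PHP 7.0 the e modifier no longer exists, but building a pattern without preg_quote() still lets the input rewrite the pattern, so the quoting fix applies regardless of version.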
Relationships
Related CWE | Type | View | Chain
---|---|---|---
CWE-624 ChildOf CWE-896 | Category | CWE-888 |
Demonstrative Examples
None
Observed Examples
- CVE-2006-2059 : executable regexp in PHP by inserting "e" modifier into first argument to preg_replace
- CVE-2005-3420 : executable regexp in PHP by inserting "e" modifier into first argument to preg_replace
- CVE-2006-2878 CVE-2006-2908 : complex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the "/e" modifier
For more examples, refer to CVE relations in the bottom box.
White Box Definitions
None
Black Box Definitions
None
Taxonomy Mappings
None
References
None