{"id":"CVE-2016-9954","details":"The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.","modified":"2026-04-01T23:57:56.667430Z","published":"2017-04-21T20:59:00.883Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94942"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/15/8"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413990"},{"type":"FIX","url":"https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ashinn/irregex","events":[{"introduced":"0"},{"last_affected":"660a5fc00d579e077c72c417ef3ab63831003c08"},{"fixed":"a16ffc86eca15fca9e40607d41de3cea9cf868f1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.5"}]}}],"versions":["0.7.3","0.7.4","0.7.5","0.8.0","0.8.1","0.8.3","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9954.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}