{"id":"CVE-2023-45813","summary":"Inefficient Regular Expression Complexity in TorBot","details":"Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","aliases":["GHSA-72qw-p7hh-m3ff"],"modified":"2026-04-10T05:03:16.688175Z","published":"2023-10-18T20:26:44.531Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45813.json","cwe_ids":["CWE-1333"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45813.json"},{"type":"ADVISORY","url":"https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45813"},{"type":"FIX","url":"https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dedsecinside/torbot","events":[{"introduced":"0"},{"fixed":"9ea8108cbfd3ecb53bfef39b8b7b5d047f3f4ac8"}]}],"versions":["v2.0.0","v2.1.0","v3.0.1","v3.1.1","v3.1.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45813.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/kvesteri/validators","events":[{"introduced":"0"},{"last_affected":"453cb70ba01d47c114e95356a1faeb9e95b98788"},{"introduced":"0"},{"last_affected":"9c35f185c0d44c3cb1c7433c66e3dfbb921e5e54"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.11.0"},{"introduced":"0"},{"last_affected":"0.20.0"}]}}],"versions":["0.1.0","0.10.0","0.10.1","0.10.2","0.10.3","0.11.0","0.11.1","0.11.2","0.11.3","0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.12.6","0.13.0","0.14.0","0.14.1","0.14.2","0.14.3","0.15.0","0.16.0","0.17.0","0.17.1","0.18.0","0.18.1","0.18.2","0.19.0","0.2.0","0.20.0","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","0.8.0","0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45813.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}