Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.
No PoCs from references.
- https://github.com/Banyaon/And-ifclcs-
- https://github.com/Banyaon/supreme-robot
- https://github.com/Banyaon/vigilant-fiesta