Vulnerability Description
Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Torbot Project | Torbot | < 4.0.0 |
| Validators Project | Validators | 0.11.0 |
Related Weaknesses (CWE)
References
- https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441Patch
- https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ffExploitVendor Advisory
- https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441Patch
- https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ffExploitVendor Advisory
FAQ
What is CVE-2023-45813?
CVE-2023-45813 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular reg...
How severe is CVE-2023-45813?
CVE-2023-45813 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45813?
Check the references section above for vendor advisories and patch information. Affected products include: Torbot Project Torbot, Validators Project Validators.