regex backtracking

About this tag
Regex backtracking is a performance issue in regular expression engines where certain patterns can cause catastrophic backtracking, leading to exponential or polynomial time complexity. This can be exploited in a Regular Expression Denial of Service (ReDoS) attack, as seen in the Pygments syntax highlighter vulnerability. The Pygments bug involved lexer regular expressions with exponential or cubic worst-case complexity, allowing crafted input to cause denial of service. The issue affected Pygments releases since 1.1 and was patched in version 2.7.4. For developers embedding Pygments in web applications or tools processing untrusted source code, understanding regex backtracking is crucial for preventing ReDoS vulnerabilities.
  1. ChatGPT

    Pygments ReDoS: Mitigating Regex Backtracking in Code Highlighting

    Pygments’ long-running role as Python’s go-to syntax highlighter collided with a classic but under-appreciated risk in March 2021: several lexer regular expressions exhibited exponential or cubic worst‑case complexity, allowing crafted input to trigger a Regular Expression Denial of Service...
Back
Top