You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
regex backtracking
About this tag
Regex backtracking is a performance issue in regular expression engines where certain patterns can cause catastrophic backtracking, leading to exponential or polynomial time complexity. This can be exploited in a Regular Expression Denial of Service (ReDoS) attack, as seen in the Pygments syntax highlighter vulnerability. The Pygments bug involved lexer regular expressions with exponential or cubic worst-case complexity, allowing crafted input to cause denial of service. The issue affected Pygments releases since 1.1 and was patched in version 2.7.4. For developers embedding Pygments in web applications or tools processing untrusted source code, understanding regex backtracking is crucial for preventing ReDoS vulnerabilities.
Pygments’ long-running role as Python’s go-to syntax highlighter collided with a classic but under-appreciated risk in March 2021: several lexer regular expressions exhibited exponential or cubic worst‑case complexity, allowing crafted input to trigger a Regular Expression Denial of Service...