Inefficient Regular Expression Complexity
| Property | |
|---|---|
| Language | csharp |
| Severity |  |
| CWE | CWE-1333: Inefficient Regular Expression Complexity |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code uses regular expressions to process input without specifying a timeout. This allows attackers to supply specially crafted input that can cause the regex engine to consume excessive CPU resources.
Impact#
If exploited, an attacker could send input that makes the application hang or become unresponsive, leading to a denial-of-service. This could disrupt service for legitimate users and potentially impact system availability or reliability.