CVE-2022-1930: eth-account ReDoS | XRAY-248681
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package when an attacker is able to supply arbitrary input to the encode_structured_data method.
CVE-2022-1930 | CVSS 5.9
JFrog Severity: medium
Published 11 Aug. 2022 | Last updated 11 Aug. 2022
Exponential ReDoS in eth-account leads to denial of service
eth-account
eth-account (,0.5.9), fixed in 0.5.9
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package when an attacker is able to supply arbitrary input to the encode_structured_data method.
{
  "types": {
    "EIP712Domain": [
      {"name": "aaaa", "type": "$[11111111111111111111111110"},
      {"name": "version", "type": "string"},
      {"name": "chainId", "type": "uint256"},
      {"name": "verifyingContract", "type": "address"}
    ]
  }
}
No mitigations are supplied for this issue.
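An input screen that an application could run on untrusted structured data before it reaches encode_structured_data, as an added example that is not from the advisory or the eth-account project; upgrading to 0.5.9 is the fix the advisory names. It assumes EIP-712 type strings are an identifier followed by optional `[]` or `[n]` suffixes, and the names `is_safe_type`, `find_bad_types` and `MAX_TYPE_LEN` are hypothetical.

```python
import json
import re

MAX_TYPE_LEN = 128  # assumed cap, not a value from the advisory or EIP-712

# Identifier, then zero or more "[]" / "[n]" suffixes. Every suffix must open
# with "[" and close with "]", so the engine has only one way to split the
# digits and a failed match stays linear in the input length.
SAFE_TYPE_RE = re.compile(r"[A-Za-z_$][A-Za-z_$0-9]*(?:\[(?:[1-9][0-9]*)?\])*")


def is_safe_type(type_str):
    """True if type_str is a short, well-formed type string."""
    return (
        isinstance(type_str, str)
        and len(type_str) <= MAX_TYPE_LEN
        and SAFE_TYPE_RE.fullmatch(type_str) is not None
    )


def find_bad_types(structured_data):
    """Return (struct, field name, type) for every rejected field type."""
    bad = []
    for struct_name, fields in structured_data.get("types", {}).items():
        for field in fields:
            if not is_safe_type(field.get("type")):
                bad.append((struct_name, field.get("name"), field.get("type")))
    return bad


# The structured data shown in the advisory, embedded as sample input.
ADVISORY_PAYLOAD = json.loads("""
{"types": {"EIP712Domain": [
    {"name": "aaaa", "type": "$[11111111111111111111111110"},
    {"name": "version", "type": "string"},
    {"name": "chainId", "type": "uint256"},
    {"name": "verifyingContract", "type": "address"}
]}}
""")

if __name__ == "__main__":
    for struct, name, type_str in find_bad_types(ADVISORY_PAYLOAD):
        print(f"rejected {struct}.{name}: {type_str!r}")
```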
NVD