CVE-2018-25110
Regular Expression Denial of Service (ReDoS) vulnerability in marked (npm)

Regular Expression Denial of Service (ReDoS) | No known exploit | Fixable by Resolved Security

What is CVE-2018-25110 About?

This vulnerability is a Regular Expression Denial of Service (ReDoS) flaw caused by catastrophic backtracking in the regular expressions marked uses to parse HTML and markdown. It can lead to a Denial of Service, effectively freezing the parser. Exploitation is relatively easy, requiring specially crafted markdown input.

Affected Software

marked <0.3.17

Technical Details

The vulnerability exists in Marked prior to version 0.3.17, specifically due to catastrophic backtracking within several regular expressions. These regexes are employed for parsing HTML tags and markdown links. An attacker can exploit this by supplying carefully constructed markdown input that features deeply nested or repetitively structured brackets or tag attributes. This input causes the regular expression engine to enter an extremely inefficient state, consuming excessive CPU cycles and memory resources, ultimately leading the parser to hang and resulting in a Denial of Service.

What is the Impact of CVE-2018-25110?

Successful exploitation may allow attackers to disrupt the availability of the affected system or application, causing it to become unresponsive or crash.

What is the Exploitability of CVE-2018-25110?

Exploitation of this ReDoS vulnerability is of moderate complexity, requiring specific knowledge of regular expression behavior and potential backtracking issues. It generally requires remote access, as an attacker needs to provide specially crafted input to the vulnerable parser. No authentication is typically required, as the markdown parsing often occurs before authentication or as part of publicly accessible input fields. The primary prerequisites involve crafting malicious markdown that triggers the catastrophic backtracking. The risk is heightened when user-supplied input is not properly validated or sanitized before being processed by the vulnerable regular expressions.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2018-25110?

A Fix by Resolved Security Exists!

Available Upgrade Options

  • marked
    • <0.3.17 → Upgrade to 0.3.17
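
To apply the upgrade guidance above, the following added example (not code from marked or from Resolved Security) scans an npm lockfile for every installed copy of marked below 0.3.17, including copies nested under other packages. The lockfile objects are constructed sample data, "demo-app" and "docs-tool" are hypothetical package names, and a prerelease suffix is ignored when comparing versions.

```javascript
// Added example. FIXED comes from the advisory; everything else is illustrative.
const FIXED = [0, 3, 17]; // first release outside the affected range
// Parse "major.minor.patch" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version is strictly below 0.3.17 (numeric, not string, comparison).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return false; // git URLs, tarballs etc. need manual review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  }
  return false;
}

// List every copy of marked: v2/v3 use a flat "packages" map, v1 nests "dependencies".
function findMarked(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/marked$/.test(path)) hits.push({ path, version: info.version });
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "marked") hits.push({ path, version: info.version });
      walk(info.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}
const affectedCopies = (lock) => findMarked(lock).filter((h) => isAffected(h.version));

// Constructed sample lockfiles (hypothetical project and package names).
const sampleLockV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/marked": { version: "0.3.19" },
  "node_modules/docs-tool/node_modules/marked": { version: "0.3.6" } } };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  "docs-tool": { version: "2.1.0", dependencies: { marked: { version: "0.3.16" } } },
  marked: { version: "0.3.17" } } };
for (const lock of [sampleLockV3, sampleLockV1])
  for (const h of affectedCopies(lock)) console.log(`AFFECTED ${h.path}@${h.version}`);
```

A clean top-level entry does not clear a project: in both samples the direct dependency is already fixed while a transitive copy is still in the affected range.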

Additional Resources

What are Similar Vulnerabilities to CVE-2018-25110?

Similar Vulnerabilities: CVE-2023-38545, CVE-2022-24754, CVE-2021-36367, CVE-2020-8178, CVE-2019-10744