CVE-2009-3276

EUVD-2009-3259
Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
nasdcorenet1
1.2
nasdcorenet1
1.7
nasdcorenet1
1.8
nasdcorenet1
1.9
nasdcorenet1
1.10
nasdcorenet1
1.12
nasdcorenet1
1.13
nasdcorenet1
1.15
nasdcorenet1
1.17
nasdcorenet1
1.18
nasdcorenet1
1.19
nasdcorenet1
1.24
nasdcorenet1
2.7
nasdcorenet1
2.8
nasdcorenet1
2.9
nasdcorenet1
2.11
nasdcorenet1
2.12
nasdcorenet1
2.13
nasdcorenet1
2.14
nasdcorenet1
2.15
nasdcorenet1
2.16
nasdcorenet1
2.17
nasdcorenet1
2.18
nasdcorenet1
2.19
nasdcorenet1
3.2
nasdcorenet1
3.11
nasdcorenet1
3.12
nasdcorenet1
3.13
nasdcorenet1
3.14
nasdcorenet1
3.15
nasdcorenet1
3.16
𝑥
= Vulnerable software versions
References
http://www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdf
http://www.securityfocus.com/archive/1/506419/100/0/threaded
http://www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdf
http://www.securityfocus.com/archive/1/506419/100/0/threaded