CVE Vulnerabilities

CVE-2024-6038

Permissive Regular Expression

Published: Jun 27, 2024 | Modified: Jul 30, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability.

Weakness

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Affected Software

Name Vendor Start Version End Version
Chuanhuchatgpt Gaizhenbiao 20240410 (including) 20240410 (including)

Extended Description

This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:

Potential Mitigations

References