Slowfuzz: Automated domain-independent detection of algorithmic complexity vulnerabilities
Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of
an application is significantly higher than the respective average case for particular user …
Freezing the Web: a study of ReDoS vulnerabilities in JavaScript-based web servers
Regular expression denial of service (ReDoS) is a class of algorithmic complexity attacks
where matching a regular expression against an attacker-provided input takes unexpectedly …
The impact of regular expression denial of service (ReDoS) in practice: an empirical study at the ecosystem scale
Regular expressions (regexes) are a popular and powerful means of automatically
manipulating text. Regexes are also an understudied denial of service vector (ReDoS). If a …
Regexes are hard: Decision-making, difficulties, and risks in programming regular expressions
LG Michael, J Donohue, JC Davis… - 2019 34th IEEE/ACM …, 2019 - ieeexplore.ieee.org
Regular expressions (regexes) are a powerful mechanism for solving string-matching
problems. They are supported by all modern programming languages, and have been …
Why aren't regular expressions a lingua franca? an empirical study on the re-use and portability of regular expressions
This paper explores the extent to which regular expressions (regexes) are portable across
programming languages. Many languages offer similar regex syntaxes, and it would be …
ReScue: crafting regular expression DoS attacks
Regular expression (regex) with modern extensions is one of the most popular string
processing tools. However, poorly-designed regexes can yield exponentially many matching …
HotFuzz: Discovering algorithmic denial-of-service vulnerabilities through guided micro-fuzzing
Contemporary fuzz testing techniques focus on identifying memory corruption vulnerabilities
that allow adversaries to achieve either remote code execution or information disclosure …
Tabby: Automated gadget chain detection for java deserialization vulnerabilities
X Chen, B Wang, Z Jin, Y Feng, X Li… - 2023 53rd Annual …, 2023 - ieeexplore.ieee.org
Java is one of the preferred options of modern developers and has become increasingly
more prominent with the prevalence of the open-source culture. Thanks to the serialization …
SurgeProtector: Mitigating temporal algorithmic complexity attacks using adversarial scheduling
Denial-of-Service (DoS) attacks are the bane of public-facing network deployments.
Algorithmic complexity attacks (ACAs) are a class of DoS attacks where an attacker uses a …
Revealer: Detecting and exploiting regular expression denial-of-service vulnerabilities
Regular expression Denial-of-Service (ReDoS) is a class of algorithmic complexity attacks.
Attackers can craft particular strings to trigger the worst-case super-linear matching time of …