CWE-624 Individual Dictionary Definition (Draft 9)
| Field | Content |
|---|---|
| Weakness ID | 624 (Weakness Base) |
| Status | Incomplete |
| Description (Summary) | The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers. Case (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression. |
| Potential Mitigations | The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \Q and \E in Perl. |

Observed Examples

| Reference | Description |
|---|---|
| CVE-2006-2059 | executable regexp in PHP by inserting "e" modifier into first argument to preg_replace |
| CVE-2005-3420 | executable regexp in PHP by inserting "e" modifier into first argument to preg_replace |
| CVE-2006-2878, CVE-2006-2908 | complex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the "/e" modifier |

| Field | Content |
|---|---|
| Research Gaps | Under-studied. The existing PHP reports are limited to highly skilled researchers, but there are few examples for other languages. It is suspected that this is under-reported for all languages. Usability factors might make it more prevalent in PHP, but this theory has not been investigated. |
| Relationships | |
| Applicable Platforms | PHP, Perl |