#36868: Bugs is normalize() function
----------------------------+-----------------------------------------
Reporter: hhellbentt | Type: Uncategorized
Status: new | Component: Forms
Version: 6.0 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------+-----------------------------------------
Hello, I am engaged in fuzzing testing and have found two bugs in your
project (possibly vulnerabilities, but when reproduced, the project does
not crash, which means they are simply bugs).
The normalize function from
https://github.com/django/django/blob/main/django/utils/regex_helper.py
Crashes when receiving the following data in two cases:
1) curl -X POST http://127.0.0.1:8000/regex/ --data-binary
$'pattern=\\\266\367 (two backslashes break the logic)
2) when receiving unpaired opening and closing tags, the pop() array
method attempts to remove something that does not exist from an empty
array.
I think this is potentially a vector for a DOS attack. I hope you will fix
this as soon as possible.
Translated with DeepL.com (free version)
--
Ticket URL: <https://code.djangoproject.com/ticket/36868>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019bc2927ec1-ef31c2d1-2dbe-46d4-aada-f9a9e2245591-000000%40eu-central-1.amazonses.com.
