CVE-2021-45470

7.5 HIGH

📋 TL;DR

CVE-2021-45470 is a regular expression injection vulnerability in cve-search's DatabaseLayer.py: user-supplied search input reaches a regex operation without escaping or validation, so an attacker can supply a pattern of their own choosing. The most direct consequence is ReDoS (regular expression denial of service), where a pattern with catastrophic backtracking ties up CPU and degrades the service; because the pattern also shapes the database query, a crafted term can match more records than the caller intended. Organizations using cve-search versions before 4.1.0 for vulnerability management are affected.

💻 Affected Systems

Products:
  • cve-search
Versions: All versions before 4.1.0
Operating Systems: All platforms running cve-search
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in DatabaseLayer.py where user input is used in regex operations without proper sanitization.

📦 What is this software?

cve-search is an open-source tool that imports CVE and CPE data into a local MongoDB database so that vulnerability information can be searched and processed offline, through a web interface and an HTTP API.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service denial through ReDoS (CPU exhaustion from catastrophic backtracking). Because the injected pattern is evaluated as part of the database query, a crafted term could also widen what a search matches and return records the caller was not meant to match.

🟠

Likely Case

Service degradation through ReDoS attacks causing performance issues and potential denial of service for legitimate users.

🟢

If Mitigated

Minimal impact with proper input validation and rate limiting in place, though regex injection vectors remain.

🌐 Internet-Facing: HIGH if cve-search API is exposed to untrusted users who can submit malicious regex patterns.
🏢 Internal Only: MEDIUM as internal users could still exploit, but attack surface is reduced compared to internet exposure.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires ability to submit input to affected regex operations; no authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.0

Vendor Advisory: https://github.com/cve-search/cve-search/commit/c621f9f0693a728b93ff3b964f948a1d25917207

Restart Required: Yes

Instructions:

1. Back up the current cve-search installation.
2. Update to version 4.1.0 or later, either with git ('git pull origin master', then check out the 4.1.0 release or newer) or by downloading the release.
3. Restart the cve-search services.
4. Verify the update with a version check.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement input validation to reject or sanitize regex patterns in user input

# Add input validation in DatabaseLayer.py before regex operations
# Example: validate regex patterns are safe before processing
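The following is an added example, not cve-search's own code and not the change in the referenced commit. It shows the flawed pattern (user text compiled as a regex, which is what a {"$regex": user_input} filter does server-side) beside a hardened form that escapes the term and caps its length, using an in-memory list in place of the MongoDB collection. The records, field names, the 'max_len' threshold and the timing probe are constructed for illustration.

```python
import re
import time

# Constructed records standing in for documents in a CVE collection
# (illustrative data, not real cve-search content).
SAMPLE_CVES = [
    {"id": "CVE-2021-0001", "summary": "buffer overflow in libfoo"},
    {"id": "CVE-2021-0002", "summary": "regex injection in bar.py"},
    {"id": "CVE-2021-0003", "summary": "denial of service in baz"},
]

# Characters that turn free text into a regex with a different meaning.
REGEX_META = set(r".*+?()[]{}|^$\\")


def vulnerable_search(records, user_input):
    """Flawed form: the caller's text is compiled as a regular expression.
    A term like ".*" matches every record, "(a+)+$" backtracks exponentially
    on a non-matching summary, and a malformed term raises re.error."""
    pattern = re.compile(user_input, re.IGNORECASE)
    return [r for r in records if pattern.search(r["summary"])]


def is_acceptable_term(user_input, max_len=128):
    """Cheap pre-check: a length cap (assumed value) bounds the pattern size
    a single request can carry."""
    return 0 < len(user_input) <= max_len


def safe_search(records, user_input, max_len=128):
    """Hardened form: re.escape makes every character literal, so the term
    can no longer change the query's meaning or its matching cost."""
    if not is_acceptable_term(user_input, max_len):
        raise ValueError("search term rejected")
    pattern = re.compile(re.escape(user_input), re.IGNORECASE)
    return [r for r in records if pattern.search(r["summary"])]


def contains_metacharacters(user_input):
    """True if the term would change meaning when used unescaped; useful as
    a logging signal even where the term is escaped anyway."""
    return any(c in REGEX_META for c in user_input)


def backtracking_cost(n):
    """Seconds taken by the flawed search when a classic ReDoS pattern runs
    against a non-matching string of n 'a's; roughly doubles with each +1."""
    probe = [{"id": "probe", "summary": "a" * n + "!"}]
    start = time.perf_counter()
    vulnerable_search(probe, r"(a+)+$")
    return time.perf_counter() - start


if __name__ == "__main__":
    print("vulnerable '.*':", [r["id"] for r in vulnerable_search(SAMPLE_CVES, ".*")])
    print("safe '.*':      ", [r["id"] for r in safe_search(SAMPLE_CVES, ".*")])
    # Keep n small: the cost is exponential in n for the flawed form.
    for n in (10, 15, 20):
        print(f"n={n}: {backtracking_cost(n):.3f}s")
```

Escaping is the right default when the feature is a plain substring search. If the application genuinely needs to accept user regexes, escaping is not an option and the validation has to reject risky shapes (nested quantifiers, very long patterns) and bound execution time instead.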

Rate Limiting

linux

Implement rate limiting on API endpoints to mitigate ReDoS impact

# nginx, http {} context: define a 10 requests/s per-client-IP zone for the API
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
# then apply it in the server/location block that fronts cve-search (defining the zone alone does nothing)
location /api/ { limit_req zone=api burst=20 nodelay; }

🧯 If You Can't Patch

  • Implement strict input validation to reject complex regex patterns from untrusted sources
  • Deploy WAF rules to detect and block malicious regex patterns in requests

🔍 How to Verify

Check if Vulnerable:

Check cve-search version: if version < 4.1.0, system is vulnerable. Review DatabaseLayer.py for regex injection patterns.

Check Version:

Check the git tag or release in use, e.g. 'git describe --tags' in the checked-out repository, or the release files of a downloaded archive.

Verify Fix Applied:

Verify version is 4.1.0 or later and examine DatabaseLayer.py for proper input sanitization in regex operations.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long regex patterns in requests
  • High CPU usage on cve-search processes
  • Multiple failed regex operations

Network Indicators:

  • Repeated requests with complex regex patterns
  • Unusual request patterns to the search and query endpoints whose input reaches DatabaseLayer.py

SIEM Query:

source="cve-search" AND ("regex" OR "DatabaseLayer") AND (status=500 OR duration>5s)
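The indicators above, turned into a check that can be run over access-log lines, as an added example that is not part of this advisory or of cve-search. The log layout (client, request line, status, duration in seconds), the /api/search/<term> path and the thresholds are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in an assumed "client request status duration"
# layout; the /api/search/<term> path is a placeholder, not a verified route.
SAMPLE_LOGS = [
    '10.0.0.5 "GET /api/search/libfoo HTTP/1.1" 200 0.021',
    '10.0.0.9 "GET /api/search/(a%2B)%2B%24 HTTP/1.1" 500 12.304',
    '10.0.0.9 "GET /api/search/.* HTTP/1.1" 200 0.880',
    '10.0.0.5 "GET /api/search/CVE-2021-45470 HTTP/1.1" 200 0.015',
]

LOG_LINE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) ([\d.]+)$')
SEARCH_PREFIX = "/api/search/"
REGEX_META = set(r".*+?()[]{}|^$\\")
# A quantified group that is itself quantified, e.g. (a+)+ or (.*)*: the
# shape behind catastrophic backtracking.
NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*]\)[+*{]")

MAX_TERM_LEN = 64      # assumed threshold for "unusually long"
SLOW_SECONDS = 5.0     # same cut-off as duration>5s in the SIEM query


def parse_line(line):
    """Split one log line into its fields; None if it does not fit the layout."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    client, method, path, status, duration = m.groups()
    return {"client": client, "method": method, "path": path,
            "status": int(status), "duration": float(duration)}


def search_term(path):
    """Return the URL-decoded search term, or None for non-search requests."""
    if not path.startswith(SEARCH_PREFIX):
        return None
    return unquote(path[len(SEARCH_PREFIX):])


def reasons_for(entry, term):
    """Collect every indicator the request trips, in a fixed order."""
    reasons = []
    if NESTED_QUANTIFIER.search(term):
        reasons.append("nested_quantifier")
    if any(c in REGEX_META for c in term):
        reasons.append("metacharacters")
    if len(term) > MAX_TERM_LEN:
        reasons.append("long_pattern")
    if entry["status"] == 500 or entry["duration"] > SLOW_SECONDS:
        reasons.append("slow_or_error")
    return reasons


def flag_suspicious(lines):
    """One finding per search request that looks like regex abuse."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        term = search_term(entry["path"])
        if term is None:
            continue
        reasons = reasons_for(entry, term)
        if reasons:
            findings.append({"client": entry["client"], "term": term,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious(SAMPLE_LOGS):
        print(f["client"], repr(f["term"]), ",".join(f["reasons"]))
```

A single hit on "metacharacters" is weak on its own (product names can contain dots); a nested quantifier, or metacharacters combined with a 500 or a multi-second response from the same client, is the combination worth alerting on.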
