Skip to content

Regular Expression DoS (ReDoS)

Understanding the Mechanics of Regular Expression DoS Attacks

Prevent Regex DoS Effectively
Table of Contents

What is regular expression DoS (ReDoS)?

Regular expressions can reside in every layer of the web. The Regular expression Denial of Service (ReDoS) produces one or more regular expressions or regex(s) that “run on and on” by design. Using an “evil regex,” the attacker is able to exploit a web browser on either computer or mobile device, hang up a Web Application Firewall (WAF), or attack a vulnerable database or web server.

With a ReDoS attack, carefully crafted inputs trick innocent but regular expressions to run indefinitely. ReDoS will either slow down the application or completely crash it, as the regex engine tries to find a match by running every possible combination of characters. When all permutations fail to find a match, the regular expression will run on forever until manually terminated.

 

Learn More About Contrast Security