• User-agent parsing REDoS (CVE-2020-5243)

    February 2020
    Due to my research into Regular Expression Denial-of-Service (REDoS), I found and (after bug bounties) finally publicly reported CVE-2020-5243 in uap-core. Dependent packages uap-python, uap-ruby, etc. are/were vulnerable…
  • Two REDoS vulns in cpython

    November 2019
    I ran my top-secret REDoS-finding engine over the Python code in cpython and found two remotely exploitable vulnerabilities. Making a request to a malicious web server leads to denial of service (approximately infinite CPU time)…
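    Both entries above concern the same bug class: a regex whose backtracking work grows exponentially in the length of attacker-controlled text, whether that text is a User-Agent header or a hostile server's response. The following is an added example, not code from this blog, from uap-core or from cpython, and the two regexes in it are constructed stand-ins, not the patterns actually reported. It shows the simplest static check behind most REDoS finders (flag an unbounded quantifier nested inside another unbounded quantifier) using Python's own regex parser, and a timing harness that makes the blowup visible. The names nested_quantifiers, VULNERABLE_TOKENS, HARDENED_TOKENS, malicious_input and timed_match are mine.

```python
"""Star-height REDoS heuristic plus a timing demo.

Added example: not code from the blog, uap-core or cpython. The patterns
are constructed stand-ins for a "tokens separated by whitespace" matcher of
the kind a user-agent parser might use; they are not the reported regexes.
"""
import re
import time

try:  # Python 3.11+ keeps the regex internals under re._parser / re._constants
    from re import _parser as sre_parse, _constants as sre_constants
except ImportError:  # older interpreters expose them as top-level modules
    import sre_parse, sre_constants  # type: ignore

MAXREPEAT = sre_constants.MAXREPEAT
REPEATS = (sre_constants.MAX_REPEAT, sre_constants.MIN_REPEAT)


def _walk(subpattern, depth: int, findings: list) -> None:
    """Recurse through a parsed pattern; depth = number of enclosing unbounded repeats."""
    for op, arg in subpattern:
        if op in REPEATS:                       # arg is (min, max, sub-pattern)
            lo, hi, sub = arg
            unbounded = hi == MAXREPEAT         # +, *, {n,} all parse with max == MAXREPEAT
            if unbounded and depth >= 1:
                findings.append(f"unbounded repeat (min={lo}) nested inside an unbounded repeat")
            _walk(sub, depth + (1 if unbounded else 0), findings)
        elif op == sre_constants.SUBPATTERN:    # arg is (group, add_flags, del_flags, sub-pattern)
            _walk(arg[-1], depth, findings)
        elif op == sre_constants.BRANCH:        # arg is (None, [alternatives])
            for alt in arg[1]:
                _walk(alt, depth, findings)
        elif op in (sre_constants.ASSERT, sre_constants.ASSERT_NOT):  # arg is (direction, sub-pattern)
            _walk(arg[1], depth, findings)
        # literals, character classes and anchors cannot backtrack on their own


def nested_quantifiers(pattern: str) -> list:
    """Return one message per nested unbounded quantifier (star height >= 2); empty means the heuristic passes."""
    findings: list = []
    _walk(sre_parse.parse(pattern), 0, findings)
    return findings


# Constructed stand-ins. The first is ambiguous: "aaaa" can be split between the
# inner [...]+ and the outer (...)+ in 2^(n-1) ways, every one of which is tried
# before the engine gives up. The second accepts the same whitespace-separated
# tokens (slightly looser about whitespace placement) with a single quantifier.
VULNERABLE_TOKENS = r"^([A-Za-z0-9_]+\s?)+$"
HARDENED_TOKENS = r"^[A-Za-z0-9_\s]+$"


def malicious_input(n: int) -> str:
    """Constructed attacker input: n ambiguous characters, then one that forces the overall match to fail."""
    return "a" * n + "!"


def timed_match(pattern: str, text: str) -> tuple:
    """Run re.match and report (matched, seconds). Python's re has no timeout, so this is the only visibility you get."""
    start = time.perf_counter()
    matched = re.match(pattern, text) is not None
    return matched, time.perf_counter() - start


if __name__ == "__main__":
    for pat in (VULNERABLE_TOKENS, HARDENED_TOKENS):
        print(pat, "->", nested_quantifiers(pat) or "no nested unbounded repeats")
    for n in (12, 16, 20):
        for name, pat in (("vulnerable", VULNERABLE_TOKENS), ("hardened", HARDENED_TOKENS)):
            matched, secs = timed_match(pat, malicious_input(n))
            print(f"n={n:2d} {name:10s} matched={matched} {secs:.3f}s")
```

    Running it, the hardened pattern rejects every input in microseconds while the vulnerable one roughly doubles in time for each extra `a`; a few dozen characters of User-Agent, or of a header in a hostile server's response, are enough to pin a worker. The heuristic is deliberately crude: it reports false positives where a mandatory separator sits between the nested repeats (`^\w+(,\w+)*$` is flagged but safe) and misses overlap inside alternations such as `(a|a)+`, so treat a hit as something to reason about, not a verdict. Since the standard `re` module offers no match timeout, the practical fix is to rewrite the pattern to a single unbounded quantifier over a character class, or to bound the length of attacker-controlled input before it reaches the regex.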

[blog by caller] Correspondence welcome at ℬ㏒ {@} ㎈ℓℯℛ.ⓧⓨℤ