CVE-2019-1333: Regex Denial of Service in Microsoft Windows

Severity
NVD: 8.8 HIGH
GHSA: 7.5
EPSS: 30.3% (top 3.30%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 10
Latest update: Mar 15

Description

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (10 packages)

CVEListV5: microsoft/windows_server, 17 versions (+16)
CVEListV5: microsoft/windows, 20 versions (+19)
NVD: microsoft/windows, r2, 1803, 1903 (+2)
NVD: microsoft/windows_10, 6 versions (+5)

Patches

🔴 Vulnerability Details (8)

GHSA: Regular expression denial-of-service in Django (2024-03-15)
GHSA: Regular Expression Denial of Service in simple-markdown (2023-02-12)
GHSA: GHSA-83hg-4r84-wrr4: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie (2022-05-24)
GHSA: Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin (2022-05-24)

📋 Vendor Advisories (3)

Red Hat: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() (2024-03-04)
Red Hat: python-django: Denial-of-service possibility in django.utils.text.Truncator (2023-10-04)
Microsoft: Remote Desktop Client Remote Code Execution Vulnerability (2019-10-08)

🕵️ Threat Intelligence (8)

Trendmicro: Short October Patch Tuesday: 9 Critical Fixes Featured (2019-10-09)
Qualys: October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting (2019-10-08)
Talos: Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage (2019-10-08)
Tenable: Microsoft's October 2019 Patch Tuesday: Tenable Roundup (2019-10-08)