CWE-1333βInefficient Regular Expression Complexity
PUBLISHEDweakness recordHigh
released 2021-03-15 Β· last modified 2026-04-30
Metadata
- CWE ID:
- CWE-1333
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Release Date:
- 2021-03-15
- Latest Modification Date:
- 2026-04-30
Weakness Name
Inefficient Regular Expression Complexity
Description
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
Common Consequences
- Scope:
- Availability
- Impact:
- DoS: Resource Consumption (CPU)
- Notes:
- Attackers can create crafted inputs that intentionally cause the regular expression to use excessive backtracking in a way that causes the CPU consumption to spike.