CWE-1333β€”Inefficient Regular Expression Complexity

PUBLISHEDweakness recordHigh
released 2021-03-15 Β· last modified 2026-04-30
CWE-1333 - Inefficient Regular Expression Complexity - Diagram

Metadata

CWE ID:
CWE-1333
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2021-03-15
Latest Modification Date:
2026-04-30

Weakness Name

Inefficient Regular Expression Complexity

Description

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

Common Consequences

Scope:
Availability
Impact:
DoS: Resource Consumption (CPU)
Notes:
Attackers can create crafted inputs that intentionally cause the regular expression to use excessive backtracking in a way that causes the CPU consumption to spike.

Related Weaknesses