CVE-2023-25166 — Vulnetix

CVE-2023-25166 PUBLISHED CVSS 5.5 MEDIUM

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.

EPSS 1.15% · 78.9th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

1.15%

78.9th percentile

Affected Products

Vendor	Product	Versions
sideway	formula	0, 0
hapijs	formula	*, < 3.0.1
hapi	formula	0, 0

Exploit Intelligence

Timeline

CVE Published
Feb 8, 2023 PoC Published
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 21, 2023 EPSS Score
Apr 30, 2023 EPSS Score
Jun 9, 2023 EPSS Score
Jul 18, 2023 EPSS Score
Aug 27, 2023 EPSS Score
Sep 27, 2023 PoC Published
Oct 6, 2023 EPSS Score
Nov 15, 2023 EPSS Score

References

https://github.com/hapijs/formula/security/advisories/GHSA-c2jc-4fpr-4vhg url
https://github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3fe url
https://www.ibm.com/support/pages/node/7173631 advisory
https://www.ibm.com/support/pages/node/7174016 advisory
https://www.ibm.com/support/pages/node/7174015 advisory
https://www.ibm.com/support/pages/node/7173632 advisory
https://www.ibm.com/support/pages/node/7172691 advisory
https://www.ibm.com/support/pages/node/7172692 advisory
https://www.ibm.com/support/pages/node/7173592 advisory
https://www.ibm.com/support/pages/node/7173866 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-25166 advisory
https://github.com/hapijs/formula package

Open in Interactive Console →