kokke tiny-regex-c Pattern re.c matchstar redos_CVE-2026-11478

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local execution. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-11478

Source VulDB

Published Jun 8, 2026 at 02:00

Affected Product

Vendor kokke

Product tiny-regex-c

Version f2632c6d9ed25272987471cdb8b70395c2460bdb

Affected Versions kokke tiny-regex-c f2632c6d9ed25272987471cdb8b70395c2460bdb

CWE Classification

CWE-1333 CWE-400

References

{
    "lastseen": "",
    "description": "A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local execution. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-06-08T02:00:16.513Z",
    "modified": "2026-06-08T02:00:16.513Z",
    "type": "cve",
    "title": "kokke tiny-regex-c Pattern re.c matchstar redos",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369098\nhttps://vuldb.com/vuln/369098/cti\nhttps://vuldb.com/cve/CVE-2026-11478\nhttps://vuldb.com/submit/833966\nhttps://github.com/kokke/tiny-regex-c/issues/100\nhttps://github.com/user-attachments/files/28046213/tiny-regex-c-redos-poc.zip\nhttps://github.com/kokke/tiny-regex-c/",
    "id": "CVE-2026-11478",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1333",
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "kokke tiny-regex-c f2632c6d9ed25272987471cdb8b70395c2460bdb",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "tiny-regex-c",
    "version": "f2632c6d9ed25272987471cdb8b70395c2460bdb",
    "vendor": "kokke",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}