CWE · MITRE source
CWE-1333Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Attackers can create crafted inputs that intentionally cause the regular expression to use excessive backtracking in a way that causes the CPU consumption to spike.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2022-24713 | 2.1 | 7.5 | 0.1040 | 2022-03-08 |
CVE-2023-36053 | 2.1 | 7.5 | 0.0983 | 2023-07-03 |
CVE-2021-3749 | 2.0 | 7.5 | 0.0889 | 2021-08-31 |
CVE-2022-41323 | 2.0 | 7.5 | 0.0786 | 2022-10-16 |
CVE-2023-29486 | 2.0 | 9.8 | 0.0012 | 2023-12-21 |
CVE-2026-35458 | 2.0 | 9.8 | 0.0006 | 2026-04-07 |
CVE-2022-37599 | 1.8 | 7.5 | 0.0421 | 2022-10-11 |
CVE-2023-3364 | 1.8 | 7.5 | 0.0471 | 2023-08-02 |
CVE-2023-43646 | 1.8 | 8.6 | 0.0135 | 2023-09-27 |
CVE-2023-29487 | 1.8 | 9.1 | 0.0007 | 2023-12-21 |
CVE-2024-8124 | 1.8 | 7.5 | 0.0455 | 2024-09-12 |
CVE-2021-27291 | 1.7 | 7.5 | 0.0340 | 2021-03-17 |
CVE-2022-31129 | 1.7 | 7.5 | 0.0343 | 2022-07-06 |
CVE-2021-32837 | 1.7 | 7.5 | 0.0284 | 2023-01-17 |
CVE-2023-23621 | 1.7 | 8.6 | 0.0040 | 2023-01-28 |
CVE-2023-23925 | 1.7 | 8.6 | 0.0045 | 2023-02-03 |
CVE-2022-44570 | 1.7 | 7.5 | 0.0312 | 2023-02-09 |
CVE-2022-44571 | 1.7 | 7.5 | 0.0312 | 2023-02-09 |
CVE-2024-24762 | 1.7 | 7.5 | 0.0333 | 2024-02-05 |
CVE-2024-26142 | 1.7 | 7.5 | 0.0354 | 2024-02-27 |
CVE-2024-6232 | 1.7 | 7.5 | 0.0365 | 2024-09-03 |
CVE-2015-8315 | 1.6 | 7.5 | 0.0086 | 2017-01-23 |
CVE-2015-8854 | 1.6 | 7.5 | 0.0089 | 2017-01-23 |
CVE-2022-25598 | 1.6 | 7.5 | 0.0113 | 2022-03-30 |
CVE-2022-24836 | 1.6 | 7.5 | 0.0134 | 2022-04-11 |