CVE-2022-25844

Published: May 1, 2022Modified: Nov 20, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.

Affected (4)

Products: Angularjs: Angularjs · Fedoraproject: Fedora · Netapp: Ontap Select Deploy Administration Utility

1 product

1 product

1 product

Ontap Select Deploy Administration Utility

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Angularjs Angularjs	From 1.7.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	All versions

Related CWEs

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References (17)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/

Source: report@snyk.io

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO/

Source: report@snyk.io

https://security.netapp.com/advisory/ntap-20220629-0009/

Source: report@snyk.io

Third Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736

Source: report@snyk.io

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738

Source: report@snyk.io

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737

Source: report@snyk.io

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735

Source: report@snyk.io

ExploitThird Party Advisory

https://stackblitz.com/edit/angularjs-material-blank-zvtdvb

Source: report@snyk.io

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20220629-0009/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://stackblitz.com/edit/angularjs-material-blank-zvtdvb

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.