
Asymmetric denial of service - ReDoS In rhino

Ecosystem
Package
Affected version
Patched versions

Description

Rhino exhibits high CPU usage and a potential denial of service when specific numbers are passed to the toFixed() function. When an application passes an attacker-controlled floating-point number into toFixed(), the decimal conversion can consume a large amount of CPU time and lead to a denial of service. The attack is asymmetric: a single short value from the attacker costs the server a disproportionately expensive computation.

Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult raises 5 to a very large power using big-integer arithmetic; that computation is what burns the CPU. The example value below is a subnormal double (smaller than the smallest normal double, roughly 2.2e-308), so its binary exponent is extremely negative and the conversion to decimal needs a correspondingly large power of five.

Example code: (4.47118444E-314).toFixed(2)
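The following guard is an added example written for this page; it is not Rhino's code and not the upstream fix. It is meant for scripts that must keep running on a Rhino build without the patch (for instance the Debian package, which has no fix available): numbers whose magnitude is so small that toFixed() would print only zeros for any legal digit count are formatted directly, so the slow DToA path never sees them, and everything else is handed to the native implementation. The names safeToFixed, isSubnormal, installToFixedGuard and the flush threshold FLUSH_BELOW are choices made here, not part of any API; the threshold is deliberately conservative and covers the whole subnormal range in which the reported trigger lives. The code is ES5 so that it loads under Rhino 1.7.x as well as under Node for testing.

```javascript
// Added example (not Rhino's code): keep attacker-controlled tiny numbers away
// from Number.prototype.toFixed on an unpatched Rhino. ES5 only, so it runs in
// Rhino 1.7.x and in Node.

var nativeToFixed = Number.prototype.toFixed;

// Smallest positive normal double. The reported trigger (4.47118444E-314) is
// far below this, i.e. it is a subnormal.
var MIN_NORMAL = 2.2250738585072014e-308;

// Assumption made for this example: toFixed() accepts at most 100 fraction
// digits, so any magnitude below 0.5 * 10^-100 rounds to zero for every legal
// digit count. Such values are formatted here without calling into DToA. This
// covers the entire subnormal range plus a wide margin above it.
var FLUSH_BELOW = 5e-101;

function isSubnormal(x) {
  return x !== 0 && Math.abs(x) < MIN_NORMAL;
}

// Exact string toFixed() returns for a value that rounds to zero. The sign is
// kept for negative inputs, matching the spec: (-1e-10).toFixed(2) === "-0.00".
function zeroString(negative, digits) {
  var s = negative ? "-0" : "0";
  if (digits > 0) {
    s += ".";
    for (var i = 0; i < digits; i++) s += "0";
  }
  return s;
}

function safeToFixed(x, digits) {
  if (typeof x !== "number") x = Number(x);

  // Same argument handling as the built-in: undefined/NaN -> 0, truncate,
  // then reject anything outside 0..100 with a RangeError.
  digits = Number(digits);
  if (isNaN(digits)) digits = 0;
  digits = digits < 0 ? Math.ceil(digits) : Math.floor(digits);
  if (digits < 0 || digits > 100) {
    throw new RangeError("toFixed() digits argument must be between 0 and 100");
  }

  if (!isFinite(x)) return String(x);       // "NaN", "Infinity", "-Infinity"

  if (Math.abs(x) < FLUSH_BELOW) {
    return zeroString(x < 0, digits);       // never reaches DToA.pow5mult
  }
  return nativeToFixed.call(x, digits);     // normal-sized value: native path
}

// Optional: protect existing scripts without touching every call site.
// nativeToFixed was captured above, so the guarded version does not recurse.
function installToFixedGuard() {
  Number.prototype.toFixed = function (digits) {
    return safeToFixed(Number(this), digits);
  };
}
```

Load the script into the Rhino context before any untrusted input is processed and call installToFixedGuard(), or call safeToFixed() explicitly at the points where user-supplied numbers are formatted. Upgrading to a fixed Rhino release remains the real remediation; this guard only removes the reported input class.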

Mitigation

debian rhino: No known patch available

maven org.mozilla:rhino: Upgrade to version(s) 1.7.14.1, 1.7.15.1, 1.8.1 or higher.

Severity v4.0

2.7

Low

Fluid Attacks ID

FLAT-OEBAB

CWE ID(s)

CWE-400

Alternative ID

GHSA-3w8q-xq97-5j7x

EPSS

N/A

Percentile

N/A

Source

GitHub Advisory Database
