CVE-2023-27704

MEDIUM

Everything < 1.4.1.1022 - Regular Expression Denial of Service

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-27704. PoCs published by happy0717.

AI-analyzed exploit summary The repository describes a ReDoS vulnerability in Void Tools Everything but lacks actual exploit code, instead directing users to an external Google Drive link for details. The README contains vague descriptions without technical depth.

Description

Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).

Exploits (1)

nomisec SUSPICIOUS

by happy0717 · poc

https://github.com/happy0717/CVE-2023-27704

View Code ZIP pw:eip

The repository describes a ReDoS vulnerability in Void Tools Everything but lacks actual exploit code, instead directing users to an external Google Drive link for details. The README contains vague descriptions without technical depth.

Classification

Suspicious 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Void Tools Everything < 1.4.1.1022

No auth needed

Prerequisites: Enable regex function in Everything · Insert crafted regex in search box

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Permissions Required

https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing

Third Party Advisory

https://github.com/happy0717/CVE-2023-27704

Product

https://www.voidtools.com/en-us/downloads/

Scores

CVSS v3 5.5

EPSS 0.0037

EPSS Percentile 28.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1333

Status published

Products (1)

voidtools/everything < 1.4.1.1022

Published Apr 12, 2023

Tracked Since Feb 18, 2026