{"api_version":"1","generated_at":"2026-04-22T22:49:38+00:00","cve":"CVE-2022-24713","urls":{"html":"https://cve.report/CVE-2022-24713","api":"https://cve.report/api/cve/CVE-2022-24713.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-24713","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-24713"},"summary":{"title":"CVE-2022-24713","description":"regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2022-03-08 19:15:00","updated_at":"2023-11-07 03:44:00"},"problem_types":["CWE-1333"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/","name":"FEDORA-2022-d20d44ba98","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: rust-regex-1.5.5-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8","name":"https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8","refsource":"CONFIRM","tags":[],"title":"Regexes with large repetitions on empty sub-expressions take a very long time to parse · Advisory · rust-lang/regex · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5113","name":"DSA-5113","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5113-1 firefox-esr","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/","name":"FEDORA-2022-ceb3e03c5e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-regex-1.5.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html","name":"[debian-lts-announce] 20220407 [SECURITY] [DLA 2971-1] firefox-esr security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2971-1] firefox-esr security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/","name":"FEDORA-2022-d20d44ba98","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: rust-regex-1.5.5-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202208-14","name":"GLSA-202208-14","refsource":"GENTOO","tags":[],"title":"Mozilla Thunderbird: Multiple Vulnerabilities (GLSA 202208-14) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html","name":"[debian-lts-announce] 20220411 [SECURITY] [DLA 2978-1] thunderbird security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2978-1] thunderbird security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw","name":"https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw","refsource":"MISC","tags":[],"title":"Security advisory for the regex crate (CVE-2022-24713)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2022/dsa-5118","name":"DSA-5118","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5118-1 thunderbird","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202208-08","name":"GLSA-202208-08","refsource":"GENTOO","tags":[],"title":"Mozilla Firefox: Multiple Vulnerabilities (GLSA 202208-08) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/","name":"FEDORA-2022-ceb3e03c5e","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-regex-1.5.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e","name":"https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e","refsource":"MISC","tags":[],"title":"security: fix denial-of-service bug in compiler · rust-lang/regex@ae70b41 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/","name":"FEDORA-2022-8436ac4c39","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: rust-regex-1.5.5-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/","name":"FEDORA-2022-8436ac4c39","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: rust-regex-1.5.5-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-24713","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24713","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"24713","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24713","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24713","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24713","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24713","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24713","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24713","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rust-lang","cpe5":"regex","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"rust","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-24713","qid":"159748","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2022-1287)"},{"cve":"CVE-2022-24713","qid":"159751","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2022-1284)"},{"cve":"CVE-2022-24713","qid":"159752","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-1302)"},{"cve":"CVE-2022-24713","qid":"159753","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-1301)"},{"cve":"CVE-2022-24713","qid":"179173","title":"Debian Security Update for firefox-esr (DSA 5113-1)"},{"cve":"CVE-2022-24713","qid":"179174","title":"Debian Security Update for firefox-esr (DLA 2971-1)"},{"cve":"CVE-2022-24713","qid":"179183","title":"Debian Security Update for thunderbird (DSA 5118-1)"},{"cve":"CVE-2022-24713","qid":"179185","title":"Debian Security Update for thunderbird (DLA 2978-1)"},{"cve":"CVE-2022-24713","qid":"182545","title":"Debian Security Update for firefox-esrthunderbirdrust-regex (CVE-2022-24713)"},{"cve":"CVE-2022-24713","qid":"198733","title":"Ubuntu Security Notification for Firefox Vulnerabilities (USN-5370-1)"},{"cve":"CVE-2022-24713","qid":"198936","title":"Ubuntu Security Notification for rust-regex Vulnerability (USN-5610-1)"},{"cve":"CVE-2022-24713","qid":"240205","title":"Red Hat Update for firefox (RHSA-2022:1286)"},{"cve":"CVE-2022-24713","qid":"240206","title":"Red Hat Update for firefox (RHSA-2022:1285)"},{"cve":"CVE-2022-24713","qid":"240207","title":"Red Hat Update for firefox (RHSA-2022:1287)"},{"cve":"CVE-2022-24713","qid":"240208","title":"Red Hat Update for firefox (RHSA-2022:1284)"},{"cve":"CVE-2022-24713","qid":"240211","title":"Red Hat Update for thunderbird (RHSA-2022:1302)"},{"cve":"CVE-2022-24713","qid":"240212","title":"Red Hat Update for thunderbird (RHSA-2022:1305)"},{"cve":"CVE-2022-24713","qid":"240214","title":"Red Hat Update for thunderbird (RHSA-2022:1301)"},{"cve":"CVE-2022-24713","qid":"240215","title":"Red Hat Update for thunderbird (RHSA-2022:1326)"},{"cve":"CVE-2022-24713","qid":"240428","title":"Red Hat Update for firefox (RHSA-2022:1283)"},{"cve":"CVE-2022-24713","qid":"282485","title":"Fedora Security Update for rust (FEDORA-2022-ceb3e03c5e)"},{"cve":"CVE-2022-24713","qid":"282486","title":"Fedora Security Update for rust (FEDORA-2022-8436ac4c39)"},{"cve":"CVE-2022-24713","qid":"296064","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 46.119.2 Missing (CPUAPR2022)"},{"cve":"CVE-2022-24713","qid":"353266","title":"Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1789"},{"cve":"CVE-2022-24713","qid":"376518","title":"Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-14)"},{"cve":"CVE-2022-24713","qid":"376519","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2022-13)"},{"cve":"CVE-2022-24713","qid":"376522","title":"Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-15)"},{"cve":"CVE-2022-24713","qid":"502040","title":"Alpine Linux Security Update for bat"},{"cve":"CVE-2022-24713","qid":"502076","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2022-24713","qid":"502246","title":"Alpine Linux Security Update for bat"},{"cve":"CVE-2022-24713","qid":"502264","title":"Alpine Linux Security Update for delta"},{"cve":"CVE-2022-24713","qid":"502368","title":"Alpine Linux Security Update for swayr"},{"cve":"CVE-2022-24713","qid":"502388","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2022-24713","qid":"502691","title":"Alpine Linux Security Update for firefox"},{"cve":"CVE-2022-24713","qid":"504586","title":"Alpine Linux Security Update for bat"},{"cve":"CVE-2022-24713","qid":"504661","title":"Alpine Linux Security Update for delta"},{"cve":"CVE-2022-24713","qid":"710582","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202208-08)"},{"cve":"CVE-2022-24713","qid":"710585","title":"Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)"},{"cve":"CVE-2022-24713","qid":"751972","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1127-1)"},{"cve":"CVE-2022-24713","qid":"751973","title":"OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2022:1127-1)"},{"cve":"CVE-2022-24713","qid":"752855","title":"SUSE Enterprise Linux Security Update for rustup (SUSE-SU-2022:3949-1)"},{"cve":"CVE-2022-24713","qid":"752934","title":"SUSE Enterprise Linux Security Update for sccache (SUSE-SU-2022:4073-1)"},{"cve":"CVE-2022-24713","qid":"753461","title":"SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:1176-1)"},{"cve":"CVE-2022-24713","qid":"940476","title":"AlmaLinux Security Update for firefox (ALSA-2022:1287)"},{"cve":"CVE-2022-24713","qid":"940477","title":"AlmaLinux Security Update for thunderbird (ALSA-2022:1301)"},{"cve":"CVE-2022-24713","qid":"960590","title":"Rocky Linux Security Update for thunderbird (RLSA-2022:1301)"},{"cve":"CVE-2022-24713","qid":"960633","title":"Rocky Linux Security Update for firefox (RLSA-2022:1287)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-24713","STATE":"PUBLIC","TITLE":"Regular expression denial of service in Rust's regex crate"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"regex","version":{"version_data":[{"version_value":"< 1.5.5"}]}}]},"vendor_name":"rust-lang"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400: Uncontrolled Resource Consumption"}]}]},"references":{"reference_data":[{"name":"https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8","refsource":"CONFIRM","url":"https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8"},{"name":"https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e","refsource":"MISC","url":"https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e"},{"name":"https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw","refsource":"MISC","url":"https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw"},{"refsource":"FEDORA","name":"FEDORA-2022-ceb3e03c5e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/"},{"refsource":"FEDORA","name":"FEDORA-2022-8436ac4c39","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/"},{"refsource":"FEDORA","name":"FEDORA-2022-d20d44ba98","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220407 [SECURITY] [DLA 2971-1] firefox-esr security update","url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html"},{"refsource":"DEBIAN","name":"DSA-5113","url":"https://www.debian.org/security/2022/dsa-5113"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220411 [SECURITY] [DLA 2978-1] thunderbird security update","url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html"},{"refsource":"DEBIAN","name":"DSA-5118","url":"https://www.debian.org/security/2022/dsa-5118"},{"refsource":"GENTOO","name":"GLSA-202208-08","url":"https://security.gentoo.org/glsa/202208-08"},{"refsource":"GENTOO","name":"GLSA-202208-14","url":"https://security.gentoo.org/glsa/202208-14"}]},"source":{"advisory":"GHSA-m5pq-gvj9-9vr8","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-03-08 19:15:00","lastModifiedDate":"2023-11-07 03:44:00","problem_types":["CWE-1333"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rust-lang:regex:*:*:*:*:*:rust:*:*","versionEndExcluding":"1.5.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"24713","Ordinal":"228152","Title":"CVE-2022-24713","CVE":"CVE-2022-24713","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"24713","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}