Regular Expression Denial of Service
ReDoS exploits poorly written regular expressions whose matching time explodes on certain crafted inputs, a behavior called catastrophic backtracking. A single short malicious string can pin a server's CPU for minutes, taking an application offline without any traffic flood. Defenses include avoiding nested quantifiers, using regex engines with linear-time guarantees, and putting timeouts on matching.