Linux Distros Unpatched Vulnerability : CVE-2021-43854

Published: 05 Mar 2025 00:00:00 | Reported by: Tenable | Type: nessus | Source: www.tenable.com

Linux/Unix hosts have an unpatched vulnerability in the NLTK package (python3-nltk), exposing them to regular expression denial of service (ReDoS) attacks.
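The advisory text quoted in the plugin below recommends, for deployments that cannot upgrade past 3.6.5, bounding the length of any input handed to PunktSentenceTokenizer, sent_tokenize or word_tokenize. The following is an added example, not NLTK project code and not part of the Tenable plugin, of a wrapper that enforces such a bound in one place. MAX_INPUT_CHARS, the wrapper names and the linear-time fallback tokenizer are assumptions made for this example; in production the tokenizer argument would be nltk.word_tokenize or nltk.sent_tokenize.

```python
"""Length-bounded tokenizer wrapper for CVE-2021-43854 (added example).

NLTK < 3.6.5: PunktSentenceTokenizer, sent_tokenize and word_tokenize take
super-linear time on crafted long inputs.  The advisory's fallback for hosts
that cannot upgrade is to cap the length of whatever reaches those functions.
This module enforces that cap in one place.  MAX_INPUT_CHARS, the wrapper
names and the fallback tokenizer are assumptions made for this example.
"""
import re
from typing import Callable, List, Optional

MAX_INPUT_CHARS = 10_000  # assumed bound; size it to the real workload


class InputTooLong(ValueError):
    """Raised when untrusted text exceeds the configured bound."""


def fallback_word_tokenize(text: str) -> List[str]:
    """Linear-time stand-in so the example runs without nltk installed.

    Each alternative consumes at least one character and the branches do
    not overlap, so this regex cannot backtrack catastrophically.
    """
    return re.findall(r"\w+|[^\w\s]", text)


def is_within_bound(text: str, max_chars: int = MAX_INPUT_CHARS) -> bool:
    """True if text may be passed to a tokenizer under the cap."""
    return len(text) <= max_chars


def bounded_tokenize(
    text: str,
    tokenizer: Optional[Callable[[str], List[str]]] = None,
    max_chars: int = MAX_INPUT_CHARS,
    truncate: bool = False,
) -> List[str]:
    """Tokenize text only after enforcing the length bound.

    Pass tokenizer=nltk.word_tokenize (or sent_tokenize) in real use; the
    default here is the linear fallback.  With truncate=False an over-long
    input is rejected outright, the safer default for untrusted input;
    truncate=True keeps the first max_chars characters, so callers must
    accept that anything past the cut is silently dropped.
    """
    if not isinstance(text, str):
        raise TypeError("text must be a str")
    if not is_within_bound(text, max_chars):
        if not truncate:
            raise InputTooLong(
                f"input of {len(text)} chars exceeds bound of {max_chars}")
        text = text[:max_chars]
    tok = tokenizer if tokenizer is not None else fallback_word_tokenize
    return tok(text)


if __name__ == "__main__":
    # Constructed inputs: one ordinary sentence and one over-long blob.
    print(bounded_tokenize("The quick brown fox, it says.", max_chars=100))
    try:
        bounded_tokenize("x" * 200, max_chars=100)
    except InputTooLong as exc:
        print("rejected:", exc)
```

Rejecting rather than truncating is the right default at a trust boundary: a truncated document tokenizes successfully but no longer means what the sender sent, which is a quiet correctness bug in anything downstream that counts on the full text.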

Related (reporter: title, published, family)

- Circl: CVE-2021-43854 (23 Dec 2021 20:21) [circl]
- CNNVD: Natural Language Toolkit Resource Management Error Vulnerability (23 Dec 2021 00:00) [cnnvd]
- CNVD: Natural Language Toolkit Resource Management Error Vulnerability (27 Dec 2021 00:00) [cnvd]
- CVE: CVE-2021-43854 (23 Dec 2021 17:55) [cve]
- Cvelist: CVE-2021-43854 Inefficient Regular Expression Complexity in nltk (23 Dec 2021 17:55) [cvelist]
- Debian CVE: CVE-2021-43854 (23 Dec 2021 17:55) [debiancve]
- EUVD: EUVD-2021-0148 (7 Oct 2025 00:30) [euvd]
- Github Security Blog: Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize) (6 Jan 2022 17:38) [github]
- NVD: CVE-2021-43854 (23 Dec 2021 18:15) [nvd]
- OpenVAS: Ubuntu: Security Advisory (USN-7365-1) (24 Mar 2025 00:00) [openvas]

Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(224202);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/18");

  script_cve_id("CVE-2021-43854");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2021-43854");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials
    supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable
    to regular expression denial of service (ReDoS) attacks. The vulnerability is present in
    PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions,
    are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable
    functions will cause them to take a significant amount of execution time. If your program relies on any of
    the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend
    upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time
    can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our
    recommendation is to implement such a limit. (CVE-2021-43854)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-43854");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-43854");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nltk");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Debian Linux-11");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "python3-nltk"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}
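The plugin above reports on the bare presence of python3-nltk on Debian 11, because the CVE is tracked there as vendor-unpatched and Nessus takes the package list as the vendor reports it. As an added example, not Tenable's plugin code, the following Python reproduces that presence check over constructed `dpkg -l` output and goes one step further by comparing the upstream version against the 3.6.5 fix boundary named in the advisory, which is what you would want once a fixed upstream version lands on a host. The sample package lines (including the versions shown), the function names and the simplified version ordering are assumptions; the ordering handles the usual epoch:upstream-revision shape but is not the full dpkg comparison algorithm.

```python
"""Local check for CVE-2021-43854 against dpkg output (added example).

Mirrors the presence test in the Nessus plugin (package python3-nltk on
Debian) and adds an upstream-version comparison against the 3.6.5 fix
boundary from the advisory.  Sample dpkg lines are constructed for this
example; version ordering is a simplified epoch:upstream-revision parse,
not the full dpkg --compare-versions algorithm.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIXED_UPSTREAM = "3.6.5"               # first version without the ReDoS
AFFECTED_PACKAGES = ("python3-nltk",)  # package name used by the plugin

# Constructed dpkg -l output; the versions shown are illustrative only.
SAMPLE_DPKG_L = """\
Desired=Unknown/Install/Remove/Purge/Hold
||/ Name           Version          Architecture Description
+++-==============-================-============-===========================
ii  python3-nltk   3.5-1            all          Python3 libraries for NLP
ii  python3-regex  0.1.20201113-1   amd64        alternative regex module
rc  python3-nose   1.3.7-7          all          test discovery for Python3
"""


@dataclass
class Finding:
    package: str
    version: str
    installed: bool            # status column 'i' means unpacked and configured
    below_fix: Optional[bool]  # None when the package is not installed


def upstream_version(debian_version: str) -> str:
    """Strip the epoch prefix and the Debian revision suffix."""
    v = debian_version.split(":", 1)[1] if ":" in debian_version else debian_version
    return v.rsplit("-", 1)[0] if "-" in v else v


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric components of a version, for a simple tuple ordering."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def parse_dpkg_l(output: str) -> List[Tuple[str, str, str]]:
    """Return (status, name, version) for each package row of `dpkg -l`."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        # Package rows start with a two-letter desired/status code, e.g. 'ii'.
        if len(parts) < 3 or len(parts[0]) != 2 or not parts[0].isalpha():
            continue
        rows.append((parts[0], parts[1], parts[2]))
    return rows


def assess(output: str) -> List[Finding]:
    """Flag affected packages and say whether each is below the fix."""
    findings = []
    for status, name, version in parse_dpkg_l(output):
        if name not in AFFECTED_PACKAGES:
            continue
        installed = status[1] == "i"
        below = None
        if installed:
            below = version_key(upstream_version(version)) < version_key(FIXED_UPSTREAM)
        findings.append(Finding(name, version, installed, below))
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_DPKG_L):
        state = "not installed" if not f.installed else (
            "below 3.6.5, affected" if f.below_fix else "at or above 3.6.5")
        print(f"{f.package} {f.version}: {state}")
```

The status-column check matters: an `rc` row means only configuration files remain, so the vulnerable module is not importable, and a presence-only check that ignores the status would report a false positive there.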


Last updated: 18 Aug 2025 00:00 (current)
Risk: 7.4 (High)
Vulners AI Score: 7.4
CVSS 2: 5
CVSS 3.1: 7.5
EPSS: 0.00144