PT-2021-22973 · Pypi +2 · Encode +2

🗓️ 10 Sep 2021 00:00:00Reported by Positive TechnologiesType

Infinite loop in rencode typecode decoding up to version 1.0.6 could cause remote CPU and memory exhaustion.

Reporter	Title	Published	Views	Family All 28
FreeBSD	py39-rencode -- infinite loop that could lead to Denial of Service	9 Sep 202100:00	–	freebsd
AlpineLinux	CVE-2021-40839	10 Sep 202101:03	–	alpinelinux
CNNVD	Github rencode安全漏洞	10 Sep 202100:00	–	cnnvd
CVE	CVE-2021-40839	10 Sep 202101:03	–	cve
Cvelist	CVE-2021-40839	10 Sep 202101:03	–	cvelist
Debian CVE	CVE-2021-40839	10 Sep 202101:03	–	debiancve
Fedora	[SECURITY] Fedora 35 Update: python-rencode-1.0.6-17.fc35	15 Feb 202201:38	–	fedora
Fedora	[SECURITY] Fedora 34 Update: python-rencode-1.0.6-17.fc34	15 Feb 202201:17	–	fedora
Github Security Blog	Infinite Loop in rencode	13 Sep 202120:05	–	github
Mageia	Updated python-rencode packages fix security vulnerability	12 May 202210:24	–	mageia

Source	Link
github	www.github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
github	www.github.com/aresch/rencode/pull/29
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/BMVQRPDVSVZNGGX57CFKCYT3DEYO4QB6
security-tracker	www.security-tracker.debian.org/tracker/CVE-2021-40839
osv	www.osv.dev/vulnerability/PYSEC-2021-345
cve	www.cve.org/CVERecord
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCLETLGVM5DBX6QNHQFW6TWGO5T3DENY
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMVQRPDVSVZNGGX57CFKCYT3DEYO4QB6
osv	www.osv.dev/vulnerability/GHSA-gh8j-2pgf-x458
security-tracker	www.security-tracker.debian.org/tracker/source-package/python-rencode

25 Oct 2024 00:00Current

7High risk

Vulners AI Score7

CVSS 48.7

CVSS 25

CVSS 3.17.5

EPSS0.17289