Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-2099]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an issue where the regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large...
DEBIAN-CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
UBUNTU-CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
UBUNTU-CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
SUSE-SU-2024:2481-1 Security update for python-black
This update for python-black fixes the following issues: Updated to version 24.3.0: - CVE-2024-21503: Fixed a performance downgrade on docstrings that contain large numbers of leading tab characters (bsc#1221530)...
psf/black: ReDoS via the lines_with_leading_tabs_expanded() function in strings.py file
The python-black package is susceptible to a regular expression denial of service (ReDoS) vulnerability, found in the lines_with_leading_tabs_expanded() function within the strings.py file. This vulnerability could be exploited by running Black on untrusted input or by inserting numerous leading tab...
GHSA-FJ7X-Q9J7-G6Q6 Black vulnerable to Regular Expression Denial of Service (ReDoS)
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded() function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...
CVE-2024-21503
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded() function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...
PT-2024-2442 · Black +1
Name of the Vulnerable Software and Affected Versions: black versions prior to 24.3.0. Description: The issue is related to a Regular Expression Denial of Service (ReDoS) vulnerability via the lines_with_leading_tabs_expanded() function in the strings.py file. An attacker could exploit this by craftin...