CVE-2021-40839

Description:
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.

CWE: CWE-1021 CWE-259 CWE-522

CVSS score
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: MEDIUM – 6.1 (Version: 3.1)

Links:

NVD – CVE-2021-40839
CVE – CVE-2021-40839

Link (max. 20) Source Tags
https://github.com/aresch/rencode/pull/29 MISC Third Party Advisory
https://pypi.org/project/rencode/#history MISC Exploit Third Party Advisory
https://seclists.org/fulldisclosure/2021/Sep/16 MISC
https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75 MISC

Source: NVD – CVE-2021-40839
Published: 2021-09-10T02:15Z, last modified: 2021-09-10T12:44Z