PT-2023-12176 · Pypi+2 · Mechanize+2

Erik Krogh Kristensen +3 · Published 2022-04-05 · Updated 2025-12-22 · CVE-2021-32837

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: mechanize versions prior to 0.4.6

Description: The mechanize library, used for automatically interacting with HTTP web servers, contains a regular expression vulnerable to regular expression denial of service (ReDoS). If a web server responds maliciously, mechanize could crash.

Recommendations: For versions prior to 0.4.6, update to version 0.4.6 to resolve the issue. As a temporary workaround, consider restricting interactions with potentially malicious web servers until the patch is applied.

Exploit

Fix

DoS

Weakness Enumeration

Related identifiers

ALT-PU-2022-1635
ALT-PU-2024-15187
ALT-PU-2024-8936
CVE-2021-32837
DLA-3460-1
DLA-4418-1
GHSA-G3PV-PJ5F-3HFQ
MGASA-2023-0036
OPENSUSE-SU-2023:0030-1
OPENSUSE-SU-2024:12621-1
OPENSUSE-SU-2025:15098-1
PYSEC-2023-25

Affected products

Alt Linux
Debian
Mechanize