PT-2020-6145 · Pygments +10

Published: 2020-12-10 · Updated: 2024-07-24 · CVE-2021-20270

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Pygments versions 1.5 to 2.7.3

Description

The issue is an infinite loop in the SMLLexer lexer of the Pygments library. It can lead to a denial of service when syntax highlighting is performed on a Standard ML (SML) source file. A remote attacker can exploit the vulnerability, potentially causing the service to become unresponsive. The issue is demonstrated by input that contains only the "exception" keyword.

Recommendations

For Pygments versions 1.5 to 2.7.3, consider disabling SMLLexer until a patch is available, to prevent potential denial-of-service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
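
One way to apply the recommendation above in a service that highlights untrusted input, as an added example (not code from this advisory or from the Pygments project): requests that would select SMLLexer are routed to the plain-text lexer whenever the installed version falls in the affected range stated here. The helper names are hypothetical, and the `sml` alias and the `*.sml`, `*.sig`, `*.fun` patterns are assumed to be the ones Pygments registers for SMLLexer.

```python
import fnmatch
import re

# Affected range as stated in this advisory: Pygments 1.5 to 2.7.3 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (1, 5, 0), (2, 7, 3)
# Assumption: alias and filename patterns registered for SMLLexer.
SML_ALIASES = {"sml"}
SML_PATTERNS = ("*.sml", "*.sig", "*.fun")


def parse_version(text):
    """Turn '1.5', '2.7.3' or '2.7.3.post1' into a 3-tuple of ints."""
    nums = re.match(r"\d+(?:\.\d+){0,2}", text.strip())
    if nums is None:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in nums.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


def wants_sml(alias=None, filename=None):
    """True if the request would end up in SMLLexer by alias or by filename."""
    if alias and alias.strip().lower() in SML_ALIASES:
        return True
    name = (filename or "").lower()
    return any(fnmatch.fnmatch(name, pat) for pat in SML_PATTERNS)


def choose_lexer_alias(version_text, alias=None, filename=None):
    """Alias to pass to Pygments; None means 'look the lexer up by filename'."""
    if is_affected(version_text) and wants_sml(alias, filename):
        return "text"  # plain-text lexer: no highlighting, no SML state machine
    return alias or None


def highlight_untrusted(code, alias=None, filename=None):
    """Highlight to HTML, never entering SMLLexer on an affected install."""
    import pygments  # imported lazily so the policy helpers work without it
    from pygments.formatters import HtmlFormatter
    from pygments.lexers import get_lexer_by_name, get_lexer_for_filename

    chosen = choose_lexer_alias(pygments.__version__, alias, filename)
    if chosen:
        lexer = get_lexer_by_name(chosen)
    elif filename:
        lexer = get_lexer_for_filename(filename, code)
    else:
        lexer = get_lexer_by_name("text")
    return pygments.highlight(code, lexer, HtmlFormatter())
```

Content-based lexer guessing is not covered by this gate; a service that relies on it should apply the same check to the lexer it resolves before highlighting.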

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

ALSA-2021:4139
ALSA-2021:4150
ALSA-2021:4151
ALT-PU-2021-1669
ALT-PU-2021-1712
ALT-PU-2021-2091
AZL-35137
AZL-6811
BDU:2021-03173
CESA-2021_4139
CESA-2021_4150
CESA-2021_4151
CVE-2021-20270
DLA-2590-1
DLA-2648-1
DLA-2648-2
DSA-4870-1
DSA-4889-1
GHSA-9W8R-397F-PRFH
MGASA-2021-0218
OESA-2021-1154
OPENSUSE-SU-2021:1402-1
OPENSUSE-SU-2021_1402-1
OPENSUSE-SU-2024:13208-1
PYSEC-2021-140
RHSA-2021:0781
RHSA-2021:3252
RHSA-2021:4139
RHSA-2021:4150
RHSA-2021:4151
RHSA-2021_4139
RHSA-2021_4150
RHSA-2021_4151
RLSA-2021:4139
RLSA-2021:4150
RLSA-2021:4151
SUSE-SU-2021:1500-1
SUSE-SU-2021:3473-1
SUSE-SU-2021_1500-1
SUSE-SU-2021_3473-1
USN-4885-1
USN-4897-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Pygments
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu