PT-2021-22014 · Pypi+3 · Nltk+3

Srikanth Prathi +1 · Published 2021-09-27 · Updated 2025-05-17 · CVE-2021-3828

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: nltk (affected versions not specified)
Description: The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to provide input to the checkComparisonBlock() function, specifically the _read_comparison_block() function in the file nltk/corpus/reader/comparative_sents.py, may cause an application to consume an excessive amount of CPU.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS


Weakness Enumeration

Related Identifiers

CVE-2021-3828
GHSA-2WW3-FXVQ-293J
MGASA-2023-0302
OPENSUSE-SU-2022:10040-1
OPENSUSE-SU-2024:11958-1
OPENSUSE-SU-2025:15099-1
PYSEC-2021-356
USN-5215-1

Affected Products

Debian
Linuxmint
Ubuntu
Nltk