PT-2021-22973 · Pypi+3 · Encode+3

Antoine Martin · Published 2021-09-10 · Updated 2026-03-27 · CVE-2021-40839

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: rencode package through 1.0.6 for Python

Description: The issue allows an infinite loop in typecode decoding, such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory.

Recommendations: For rencode package versions through 1.0.6, consider updating to a version later than 1.0.6 to resolve the issue. As a temporary workaround, consider restricting the use of typecode decoding functionality until a patch is available.

Fix

Infinite Loop

Weakness Enumeration

Related Identifiers

ALT-PU-2024-14538
CVE-2021-40839
GHSA-GH8J-2PGF-X458
MGASA-2022-0167
PYSEC-2021-345

Affected Products

Alt Linux
Debian
Red Os
Encode