PT-2023-8449

Published: 2023-07-19 · Updated: 2026-04-01 · CVE-2022-40896

CVSS v4.0: 6.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Pygments versions prior to 2.15.0

Description: A ReDoS (regular expression denial of service) issue was discovered in pygments/lexers/smithy.py via SmithyLexer. The issue stems from the use of a regular expression with inefficient computational complexity. Exploitation of the issue may allow an attacker to cause a denial of service.

Recommendations: For Pygments versions prior to 2.15.0, update to version 2.15.0 or later to resolve the issue. As a temporary workaround, consider disabling use of the SmithyLexer until the update can be applied. Restrict access to the pygments/lexers/smithy.py module to minimize the risk of exploitation.

Related Identifiers

ALT-PU-2024-14582
ALT-PU-2024-3554
AZL-27502
AZL-35139
BDU:2024-00830
CVE-2022-40896
GHSA-MRWQ-X4V8-FH7P
MGASA-2024-0107
OESA-2023-1477
OESA-2023-1478
OESA-2023-1479
PYSEC-2023-117
RHSA-2024:1057
RHSA-2024:2010
USN-7128-1

Affected Products

Alt Linux
Debian
Linuxmint
Pygments
Red Os
Ubuntu