ALT-PU-2024-12029-3
Package python3-module-rencode updated to version 1.0.6-alt3 for branch sisyphus in task 356787.
Closed vulnerabilities
Published: 2021-09-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-40839
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
- https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
- https://github.com/aresch/rencode/pull/29
- https://github.com/aresch/rencode/pull/29
- FEDORA-2022-02340931ec
- FEDORA-2022-02340931ec
- FEDORA-2022-1033a2718b
- FEDORA-2022-1033a2718b
- https://pypi.org/project/rencode/#history
- https://pypi.org/project/rencode/#history
- https://seclists.org/fulldisclosure/2021/Sep/16
- https://seclists.org/fulldisclosure/2021/Sep/16
- https://security.netapp.com/advisory/ntap-20211008-0001/
- https://security.netapp.com/advisory/ntap-20211008-0001/