ALT-PU-2025-5228-3
Package python3-module-mpmath updated to version 1.3.0-alt1 for branch c10f2 in task 380741.
Closed vulnerabilities
Published: 2021-06-21
BDU:2024-11296
Vulnerability in the mpmathify function of the mpmath library for the Python programming language interpreter, allowing an attacker to cause a denial of service (ReDoS)
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-06-21
Modified: 2024-11-21
CVE-2021-29063
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/fredrik-johansson/mpmath/commit/46d44c3c8f3244017fe1eb102d564eb4ab8ef750
- https://github.com/mpmath/mpmath/releases/tag/1.3.0
- https://github.com/npm/hosted-git-info/pull/76
- https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md
- https://github.com/yetingli/SaveResults/blob/main/js/hosted-git-info.js
- FEDORA-2021-fc30c0de34
- FEDORA-2021-bc2153d8f0
- FEDORA-2021-244a18163c
- https://www.npmjs.com/package/hosted-git-info