High severity · NVD Advisory · Published Sep 10, 2021 · Updated Aug 4, 2024
CVE-2021-40839
Description
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rencode (PyPI) | <= 1.0.6 | — |
Affected products
- rencode/rencode (description)
References
- github.com/advisories/GHSA-gh8j-2pgf-x458 (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMVQRPDVSVZNGGX57CFKCYT3DEYO4QB6/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCLETLGVM5DBX6QNHQFW6TWGO5T3DENY/ (mitre, vendor-advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2021-40839 (ghsa, ADVISORY)
- github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75 (ghsa, x_refsource_MISC, WEB)
- github.com/aresch/rencode/pull/29 (ghsa, x_refsource_MISC, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/rencode/PYSEC-2021-345.yaml (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMVQRPDVSVZNGGX57CFKCYT3DEYO4QB6 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCLETLGVM5DBX6QNHQFW6TWGO5T3DENY (ghsa, WEB)
- pypi.org/project/rencode/ (ghsa, x_refsource_MISC, WEB)
- seclists.org/fulldisclosure/2021/Sep/16 (ghsa, x_refsource_MISC, WEB)
- security.netapp.com/advisory/ntap-20211008-0001 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20211008-0001/ (mitre, x_refsource_CONFIRM)