Moderate severityNVD Advisory· Published Nov 9, 2022· Updated May 1, 2025

Exponential ReDoS in pymatgen leads to denial of service

CVE-2022-42964

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pymatgenPyPI	<= 2022.9.21	—

Affected products

ghsa-coords
pkg:pypi/pymatgen
Range: <= 2022.9.21
pymatgen/pymatgencpe-rescue
Range: 0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-5jqp-885w-xj32ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-42964ghsaADVISORY
github.com/materialsproject/pymatgen/issues/2755ghsaWEB
research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184ghsaWEB
research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/mitre

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000