CVE-2021-40839

Name: CVE-2021-40839
Description: The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package        | Release          | Version | Status
----------------------|------------------|---------|-----------
python-rencode (PTS)  | buster, stretch  | 1.0.5-1 | vulnerable
                      | bullseye         | 1.0.6-1 | vulnerable
                      | bookworm, sid    | 1.0.6-2 | fixed

The information below is based on the following data on fixed versions.

Package         | Type   | Release    | Fixed Version | Urgency | Origin | Debian Bugs
----------------|--------|------------|---------------|---------|--------|------------
python-rencode  | source | (unstable) | 1.0.6-2       |         |        |

Notes

[bullseye] - python-rencode <no-dsa> (Minor issue)
[buster] - python-rencode <no-dsa> (Minor issue)
https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
https://github.com/aresch/rencode/pull/29
