DescriptionAn exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1024017

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pymatgen (PTS)bookworm2022.11.7+dfsg1-11vulnerable
sid, trixie2023.06.23+dfsg1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[bookworm] - pymatgen <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems