CVE-2022-42964

NameCVE-2022-42964
DescriptionAn exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs1024017

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pymatgen (PTS)bookworm, sid2022.11.7+dfsg1-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pymatgensource(unstable)(unfixed)1024017

Notes

https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
Doesn't seem to be reported upstream so far

Search for package or bug name: Reporting problems