Bug 1190391 - (CVE-2021-40839) VUL-1: CVE-2021-40839: python-rencode: infinite loop in typecode decoding (such as via ;\x2f\x7f)
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.2
Priority: P4 - Low
Severity: Minor
Assigned To: Dirk Mueller
Security Team bot
https://smash.suse.de/issue/309791/
Reported: 2021-09-10 12:38 UTC by Robert Frohl
Modified: 2021-09-10 13:15 UTC (History)
Found By: Security Response Team
Description Robert Frohl 2021-09-10 12:38:41 UTC
CVE-2021-40839

The rencode package through 1.0.6 for Python allows an infinite loop in typecode
decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and
memory.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40839
https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40839
https://github.com/aresch/rencode/pull/29
https://seclists.org/fulldisclosure/2021/Sep/16
https://pypi.org/project/rencode/#history
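As an added illustration (not rencode's code and not the project's fix), a simplified model of a rencode-style list decoder: the typecode bytes for ';', 0x7f and small inline integers follow rencode's public constants, while the lenient branch that hands back an unchanged position on an unknown typecode is an assumed failure mode, chosen to show why an input such as `;\x2f\x7f` can keep a decoder spinning and how rejecting the unknown byte ends it.

```python
CHR_LIST = 0x3B            # ';' opens a variable-length list (rencode constant)
CHR_TERM = 0x7F            # terminates the list (rencode constant)
INT_POS_FIXED_COUNT = 44   # bytes 0..43 are inline small positive ints

def decode_item(data, pos, strict):
    """Decode one value at data[pos]; return (value, position after it)."""
    if pos >= len(data):
        raise ValueError("truncated input at offset %d" % pos)
    tc = data[pos]
    if tc < INT_POS_FIXED_COUNT:
        return tc, pos + 1
    if tc == CHR_LIST:
        return decode_list(data, pos + 1, strict)
    if strict:  # hardened variant: an unrecognised typecode is an error
        raise ValueError("unknown typecode 0x%02x at offset %d" % (tc, pos))
    # lenient variant (assumed failure mode): nothing consumes this byte, so
    # the caller gets the same position back and re-reads it
    return None, pos

def decode_list(data, pos, strict, budget=1000):
    """Collect items until the terminator byte."""
    items = []
    while True:
        if pos >= len(data):
            raise ValueError("unterminated list")
        if data[pos] == CHR_TERM:
            return items, pos + 1
        if budget == 0:  # only so this demo stops instead of spinning forever
            raise RuntimeError("decoder made no progress at offset %d" % pos)
        budget -= 1
        item, pos = decode_item(data, pos, strict)
        if item is not None:
            items.append(item)

def loads(data, strict=True):
    value, end = decode_item(data, 0, strict)
    if end != len(data):
        raise ValueError("trailing bytes after offset %d" % end)
    return value

def outcome(data, strict):
    """'ok', 'rejected' (clean error) or 'spins' (would loop forever)."""
    try:
        loads(data, strict)
        return "ok"
    except ValueError:
        return "rejected"
    except RuntimeError:
        return "spins"
```

The `budget` counter exists only so the lenient variant terminates in a demonstration; the defensive point is that every typecode branch must either consume bytes or raise.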
Comment 1 Robert Frohl 2021-09-10 12:39:19 UTC
a bit unsure who to assign it to, please re-assign if needed
Comment 2 Robert Frohl 2021-09-10 12:39:54 UTC
relevant for Factory, Leap and Backports