CVE-2021-20270

Published: Mar 23, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Affected (10)

Products: Pygments: Pygments · Redhat: Enterprise Linux, Openshift Container Platform, Openstack Platform, Software Collections · Fedoraproject: Fedora · +1 more

Show all products

Pygments: Pygments · Redhat: Enterprise Linux, Openshift Container Platform, Openstack Platform, Software Collections · Fedoraproject: Fedora · Debian: Debian Linux

1 product

4 products

Enterprise Linux

Openshift Container Platform

Openstack Platform

Software Collections

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pygments Pygments	From 1.5 to 2.7.3

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Openshift Container Platform	Version 3.11
Redhat Openshift Container Platform	Version 4.0
Redhat Openstack Platform	Version 10.0
Redhat Software Collections	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (10)

https://bugzilla.redhat.com/show_bug.cgi?id=1922136

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.debian.org/security/2021/dsa-4889

Source: secalert@redhat.com

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: secalert@redhat.com

Not ApplicableThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1922136

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.debian.org/security/2021/dsa-4889

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableThird Party Advisory

Timeline

No history available yet.