FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-rencode -- infinite loop that could lead to Denial of Service

Affected packages
py39-rencode <= 1.0.6_1

Details

VuXML ID 70d0d2ec-cb62-11ed-956f-7054d21a9e2a
Discovery 2021-09-09
Entry 2023-03-25
Modified 2023-03-26

NIST reports:

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.

[source]

References

CVE Name CVE-2021-40839
URL https://osv.dev/vulnerability/GHSA-gh8j-2pgf-x458
URL https://osv.dev/vulnerability/PYSEC-2021-345

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.