what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2021-27291

Status Candidate

Overview

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Related Files

Ubuntu Security Notice USN-4897-2
Posted Aug 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4897-2 - USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-20270, CVE-2021-27291
SHA-256 | 0229f770d8874a0513c2166bf3e303d5654a0a18244de156ea9264cde333f0cd
Red Hat Security Advisory 2021-4139-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4139-03 - The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability environment. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20270, CVE-2021-27291
SHA-256 | 5f3ab996b9e01c3116634f0d259ffd99bb5d0a2ef34cdc6fcb2059cdfc3ef7de
Red Hat Security Advisory 2021-4151-06
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4151-06 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include code execution, cross site scripting, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, python
systems | linux, redhat
advisories | CVE-2020-27619, CVE-2020-28493, CVE-2021-20095, CVE-2021-20270, CVE-2021-23336, CVE-2021-27291, CVE-2021-28957, CVE-2021-42771
SHA-256 | d49d4e9cc1d8294a10ad07970c659f1d865063f8fbef9fec6dfcfdf770c16f00
Red Hat Security Advisory 2021-4150-02
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4150-02 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2021-20270, CVE-2021-27291
SHA-256 | ac4c0b5ed837e7faa003b2c8656928fbc253f3d4d8384eca13b1ec2b5e7302f8
Red Hat Security Advisory 2021-3252-01
Posted Aug 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3252-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include buffer overflow, code execution, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, python
systems | linux, redhat
advisories | CVE-2020-27619, CVE-2020-28493, CVE-2021-20095, CVE-2021-20270, CVE-2021-23336, CVE-2021-27291, CVE-2021-3177
SHA-256 | 05d8615e2ff62f71aec723a17e396003df102bd5b199b067ca9160421e948fe6
Debian Security Advisory 4889-1
Posted Apr 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4889-1 - Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in incomplete page/blocking protection, denial of service or cross-site scripting.

tags | advisory, denial of service, xss
systems | linux, debian
advisories | CVE-2021-20270, CVE-2021-27291, CVE-2021-30152, CVE-2021-30154, CVE-2021-30155, CVE-2021-30157, CVE-2021-30158, CVE-2021-30159
SHA-256 | 49b1118e5e434a47257059a1f6acac6dd79c19b2654b3272799d4a74621cc53a
Ubuntu Security Notice USN-4897-1
Posted Mar 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4897-1 - Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-27291
SHA-256 | 8d14c1970e19c85fe938c7a2bd2f1ae9abe96b5bd45ec7c3cf9f7a44e1634445
Debian Security Advisory 4878-1
Posted Mar 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4878-1 - Ben Caller discovered that Pygments, a syntax highlighting package written in Python 3, used regular expressions which could result in denial of service.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2021-27291
SHA-256 | 5c9ee9c4f43f62b4229c04c226fb1157de6f0f0c08412382a6d97c55e2b1a711
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close