what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2021-27291

Status Candidate

Overview

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Related Files

Red Hat Security Advisory 2021-4139-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4139-03 - The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability environment. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20270, CVE-2021-27291
SHA-256 | 5f3ab996b9e01c3116634f0d259ffd99bb5d0a2ef34cdc6fcb2059cdfc3ef7de
Red Hat Security Advisory 2021-4151-06
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4151-06 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include code execution, cross site scripting, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, python
systems | linux, redhat
advisories | CVE-2020-27619, CVE-2020-28493, CVE-2021-20095, CVE-2021-20270, CVE-2021-23336, CVE-2021-27291, CVE-2021-28957, CVE-2021-42771
SHA-256 | d49d4e9cc1d8294a10ad07970c659f1d865063f8fbef9fec6dfcfdf770c16f00
Red Hat Security Advisory 2021-4150-02
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4150-02 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2021-20270, CVE-2021-27291
SHA-256 | ac4c0b5ed837e7faa003b2c8656928fbc253f3d4d8384eca13b1ec2b5e7302f8
Red Hat Security Advisory 2021-3252-01
Posted Aug 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3252-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include buffer overflow, code execution, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, python
systems | linux, redhat
advisories | CVE-2020-27619, CVE-2020-28493, CVE-2021-20095, CVE-2021-20270, CVE-2021-23336, CVE-2021-27291, CVE-2021-3177
SHA-256 | 05d8615e2ff62f71aec723a17e396003df102bd5b199b067ca9160421e948fe6
Debian Security Advisory 4889-1
Posted Apr 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4889-1 - Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in incomplete page/blocking protection, denial of service or cross-site scripting.

tags | advisory, denial of service, xss
systems | linux, debian
advisories | CVE-2021-20270, CVE-2021-27291, CVE-2021-30152, CVE-2021-30154, CVE-2021-30155, CVE-2021-30157, CVE-2021-30158, CVE-2021-30159
SHA-256 | 49b1118e5e434a47257059a1f6acac6dd79c19b2654b3272799d4a74621cc53a
Ubuntu Security Notice USN-4897-1
Posted Mar 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4897-1 - Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-27291
SHA-256 | 8d14c1970e19c85fe938c7a2bd2f1ae9abe96b5bd45ec7c3cf9f7a44e1634445
Debian Security Advisory 4878-1
Posted Mar 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4878-1 - Ben Caller discovered that Pygments, a syntax highlighting package written in Python 3, used regular expressions which could result in denial of service.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2021-27291
SHA-256 | 5c9ee9c4f43f62b4229c04c226fb1157de6f0f0c08412382a6d97c55e2b1a711
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close