Описание
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-rencode | fixed | 1.0.6-2 | package | |
| python-rencode | no-dsa | bullseye | package | |
| python-rencode | no-dsa | buster | package | |
| python-rencode | no-dsa | stretch | package |
Примечания
https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
https://github.com/aresch/rencode/pull/29
EPSS
Процентиль: 94%
0.13839
Средний
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 4 лет назад
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
CVSS3: 7.5
nvd
больше 4 лет назад
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
EPSS
Процентиль: 94%
0.13839
Средний