CVE-2021-40839 - log

CVE-2021-40839 edited at 10 Sep 2021 08:37:35
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
References
+ https://seclists.org/fulldisclosure/2021/Sep/16
+ https://github.com/aresch/rencode/pull/29
+ https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
Notes
CVE-2021-40839 created at 10 Sep 2021 08:35:58