CVE-2021-29063

2021-06-2120:15:09

Debian Security Bug Tracker

security-tracker.debian.org

regular expression denial of service

mpmath v1.0.0

mpmath v1.2.1

mpmathify function

unix

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.014

Percentile

86.3%

JSON

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.

OSVersionArchitecturePackageVersionFilename
Debian12allmpmath< 1.2.1-2mpmath_1.2.1-2_all.deb
Debian11allmpmath<= 1.2.1-1mpmath_1.2.1-1_all.deb
Debian999allmpmath< 1.2.1-2mpmath_1.2.1-2_all.deb
Debian13allmpmath< 1.2.1-2mpmath_1.2.1-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mpmath	< 1.2.1-2	mpmath_1.2.1-2_all.deb
Debian	11	all	mpmath	<= 1.2.1-1	mpmath_1.2.1-1_all.deb
Debian	999	all	mpmath	< 1.2.1-2	mpmath_1.2.1-2_all.deb
Debian	13	all	mpmath	< 1.2.1-2	mpmath_1.2.1-2_all.deb