Lucene search

Veracode Vulnerability DatabaseVERACODE:37742

HistoryNov 01, 2022 - 3:03 p.m.

Denial Of Service (DoS)

2022-11-0115:03:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

py3-rencode

vulnerability

infinite loop

dos

remote attacker

memory consumption

application crash

software

EPSS

0.004

Percentile

74.7%

JSON

py3-rencode is vulnerable to denial of service. The vulnerability exists due to an infinite loop in typecode decoding enabling a remote attacker to cause a memory consumption resulting in an application crash.

References

github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75

github.com/aresch/rencode/pull/29

lists.fedoraproject.org/archives/list/[email protected]/message/BMVQRPDVSVZNGGX57CFKCYT3DEYO4QB6/

lists.fedoraproject.org/archives/list/[email protected]/message/MCLETLGVM5DBX6QNHQFW6TWGO5T3DENY/

pypi.org/project/rencode/#history

secdb.alpinelinux.org/edge/community.yaml

seclists.org/fulldisclosure/2021/Sep/16

security.netapp.com/advisory/ntap-20211008-0001/

EPSS

0.004

Percentile

74.7%

JSON

Related for VERACODE:37742