Home

CVE-2021-20270

Description

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the exception keyword.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.118

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-20270,CVE-2021-27291 are fixed in Python-pygments 2.7.4Windows
Generic syntax highlighter (USN-4885-1) python-pygments_2.1+dfsg-1ubuntu0.1_all.debLinux
Generic syntax highlighter (USN-4885-1) python-pygments_2.2.0+dfsg-1ubuntu0.1_all.debLinux
Generic syntax highlighter (USN-4885-1) python-pygments_2.3.1+dfsg-1ubuntu2.1_all.debLinux
Generic syntax highlighter (USN-4885-1) python3-pygments_2.1+dfsg-1ubuntu0.1_all.debLinux
Generic syntax highlighter (USN-4885-1) python3-pygments_2.2.0+dfsg-1ubuntu0.1_all.debLinux
Generic syntax highlighter (USN-4885-1) python3-pygments_2.3.1+dfsg-1ubuntu2.1_all.debLinux
Generic syntax highlighter (USN-4885-1) python3-pygments_2.3.1+dfsg-4ubuntu0.1_all.debLinux
mediawiki security update(DSA-4889-1) mediawiki_1.31.14-1~deb10u1_all.debLinux
python2 update (TU-CESAS-0002) python2-lxml-4.2.3-6.module_el8+299+aa6e9afa.x86_64.rpmLinux
python2 update (TU-CESAS-0002) python2-tools-2.7.18-12.module_el8+299+aa6e9afa.x86_64.rpmLinux
python2 update (TU-CESAS-0002) python2-jinja2-2.10-9.module_el8+299+aa6e9afa.noarch.rpmLinux
python2 update (TU-CESAS-0002) python2-pygments-2.2.0-22.module_el8+299+aa6e9afa.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python-nose-docs-1.3.7-31.module+el8.5.0+12207+5c5719bc.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python-pymongo-debuginfo-3.7.0-1.module+el8.4.0+9670+1849b5f9.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python-pymongo-debugsource-3.7.0-1.module+el8.4.0+9670+1849b5f9.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python-pymongo-doc-3.7.0-1.module+el8.4.0+9670+1849b5f9.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python-sqlalchemy-doc-1.3.2-2.module+el8.3.0+6646+6b4b10ec.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python-virtualenv-doc-15.1.0-21.module+el8.5.0+12207+5c5719bc.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-PyMySQL-0.10.1-2.module+el8.4.0+9657+a4b6a102.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-bson-3.7.0-1.module+el8.4.0+9670+1849b5f9.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-bson-debuginfo-3.7.0-1.module+el8.4.0+9670+1849b5f9.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-distro-1.4.0-2.module+el8.1.0+3334+5cb623d7.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-docs-3.6.7-2.module+el8.1.0+3334+5cb623d7.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-docutils-0.14-12.module+el8.1.0+3334+5cb623d7.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-nose-1.3.7-31.module+el8.5.0+12207+5c5719bc.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-pygments-2.2.0-22.module+el8.5.0+10789+e4939b94.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-pymongo-3.7.0-1.module+el8.4.0+9670+1849b5f9.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-pymongo-debuginfo-3.7.0-1.module+el8.4.0+9670+1849b5f9.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-pymongo-gridfs-3.7.0-1.module+el8.4.0+9670+1849b5f9.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-scipy-1.0.0-21.module+el8.5.0+10916+41bd434d.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-scipy-debuginfo-1.0.0-21.module+el8.5.0+10916+41bd434d.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-sqlalchemy-1.3.2-2.module+el8.3.0+6646+6b4b10ec.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-virtualenv-15.1.0-21.module+el8.5.0+12207+5c5719bc.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-wheel-0.31.1-3.module+el8.5.0+12207+5c5719bc.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python3-wheel-wheel-0.31.1-3.module+el8.5.0+12207+5c5719bc.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python36-debug-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update python36-rpm-macros-3.6.8-38.module+el8.5.0+12207+5c5719bc.noarch.rpmLinux
(RHSA-2021:4150)Moderate: security and bug fix update scipy-debugsource-1.0.0-21.module+el8.5.0+10916+41bd434d.x86_64.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python36-3.6.8-38.module+el8.5.0+671+195e4563.x86_64.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-bson-3.7.0-1.module+el8.5.0+671+195e4563.x86_64.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-docs-3.6.7-2.module+el8.4.0+597+ddf0ddea.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-nose-1.3.7-31.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-scipy-1.0.0-21.module+el8.5.0+671+195e4563.x86_64.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-wheel-0.31.1-3.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-distro-1.4.0-2.module+el8.3.0+120+426d8baf.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python36-debug-3.6.8-38.module+el8.5.0+671+195e4563.x86_64.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python36-devel-3.6.8-38.module+el8.5.0+671+195e4563.x86_64.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-PyMySQL-0.10.1-2.module+el8.4.0+597+ddf0ddea.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-pymongo-3.7.0-1.module+el8.5.0+671+195e4563.x86_64.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python-nose-docs-1.3.7-31.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-docutils-0.14-12.module+el8.4.0+597+ddf0ddea.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-pygments-2.2.0-22.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python-pymongo-doc-3.7.0-1.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-sqlalchemy-1.3.2-2.module+el8.4.0+597+ddf0ddea.x86_64.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-virtualenv-15.1.0-21.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-wheel-wheel-0.31.1-3.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python36-rpm-macros-3.6.8-38.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python-sqlalchemy-doc-1.3.2-2.module+el8.4.0+403+9ae17a31.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python-virtualenv-doc-15.1.0-21.module+el8.5.0+671+195e4563.noarch.rpmLinux
python36:3.6 security and bug fix update (RLSA-2021:4150) python3-pymongo-gridfs-3.7.0-1.module+el8.5.0+671+195e4563.x86_64.rpmLinux
Resource-agents update (ELSA-2021-9553) resource-agents-4.1.1-98.el8.x86_64.rpmLinux
Vulnerabilities CVE-2021-20270,CVE-2021-27291 are fixed in Python-pygments for linux 2.7.4Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234