CVE-2021-20270

CWE: CWE-835 | 11 documents | 8 sources

Severity: 7.5 HIGH
EPSS: 0.2% (top 57.34%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 23
Latest update: Aug 14

Description

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (7 packages)

Source     | Package           | Version range (as listed)
PyPI       | Pygments          | 1.5 / 2.7.4
PyPI       | pygments          | 1.5 / 2.7.4
Debian     | pygments          | < 2.7.1+dfsg-2+3
NVD        | pygments/pygments | 1.5 / 2.7.3
CVEListV5  | python-pygments   | python-pygments 2.7.4

Also affects: Debian Linux 10.0, 9.0, Fedora 33, Enterprise Linux 7.0, 8.0, Openshift Container Platform 3.11, 4.0

Patches

Vulnerability Details (5)

OSV: pygments vulnerabilities (2023-08-14)
GHSA: Infinite Loop in Pygments (2021-04-20)
OSV: Infinite Loop in Pygments (2021-04-20)
CVEList: CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1... (2021-03-23)
OSV: CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1... (2021-03-23)

Vendor Advisories (5)

Ubuntu: Pygments vulnerabilities (2023-08-14)
Ubuntu: Pygments vulnerability (2021-03-22)
Microsoft: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file as demonstrated by input that only c... (2021-03-09)
Debian: CVE-2021-20270: mediawiki - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denia... (2021)
Red Hat: python-pygments: Infinite loop in SML lexer may lead to DoS (2020-12-10)

CVE-2021-20270 (HIGH, CVSS 7.5) | cvebase.io