CVE-2021-29063 — Allocation of Resources Without Limits or Throttling in Mpmath

CWE-770 — Allocation of Resources Without Limits or Throttling8 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 23.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mpmath Debian Mpmath Fedoraproject Fedora

Timeline

PublishedJun 21

Latest updateSep 3

Description

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶PyPImpmath/mpmath< 1.3.0+1

▶debiandebian/mpmath< mpmath 1.2.1-2 (bookworm)

▶Debianmpmath/mpmath< 1.2.1-2+2

▶NVDmpmath/mpmath1.0.0 — 1.2.1

Also affects: Fedora 33, 34, 35

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

ReDOS in Mpmath↗2021-08-09

▶

GHSA

ReDOS in Mpmath↗2021-08-09

▶

OSV

CVE-2021-29063: A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1↗2021-06-21

▶

OSV

CVE-2021-29063: A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1↗2021-06-21

▶

📋Vendor Advisories

Ubuntu

Mpmath vulnerability↗2024-12-15

▶

Debian

CVE-2021-29063: mpmath - A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in M...↗2021

▶

📄Research Papers

arXiv

VulnRepairEval: An Exploit-Based Evaluation Framework for Assessing Large Language Model Vulnerability Repair Capabilities↗2025-09-03

▶