CVE-2021-20270

Published: August 31, 2023Last modified: August 31, 2023

Description

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Severity score breakdown

Parameter	Value
Base score	7.5
Attack Vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	NONE
Integrity impact	NONE
Availability impact	HIGH
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	py3-pygments	Not affected (2.13.0-r1)
Alpaquita Linux	Stream	py3-pygments	Not affected (2.16.1-r0)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1922136
https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
https://www.debian.org/security/2021/dsa-4889
https://www.oracle.com/security-alerts/cpuoct2021.html