Home > Vulnerability Database > CVE-2021-29063

Mend.io Vulnerability Database

CVE-2021-29063

Good to know:

Date: June 20, 2021

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called. After conducting further research, Mend has determined that all versions of mpmath through 1.2.1 are vulnerable to CVE-2021-29063.

Language: Python

Severity Score

7.5

Related Resources (23)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/

Url: https://github.com/yetingli/SaveResults/blob/main/js/hosted-git-info.js

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/

Url: https://github.com/fredrik-johansson/mpmath/issues/548

Url: https://github.com/fredrik-johansson/mpmath/commit/46d44c3c8f3244017fe1eb102d564eb4ab8ef750

Url: https://www.npmjs.com/package/hosted-git-info

Url: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md

Url: https://github.com/npm/hosted-git-info/pull/76

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG

Url: https://github.com/advisories/GHSA-f865-m6cq-j9vx

Url: https://github.com/pypa/advisory-database/tree/main/vulns/mpmath/PYSEC-2021-427.yaml

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/

Url: https://github.com/mpmath/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833

Url: https://github.com/mpmath/mpmath/pull/570

Url: https://github.com/fredrik-johansson/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833

Url: https://github.com/fredrik-johansson/mpmath

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIUX3XWY2K3MSO7QXMZXQQYAURARSPC5/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUX3XWY2K3MSO7QXMZXQQYAURARSPC5

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29063

Url: https://github.com/mpmath/mpmath/releases/tag/1.3.0

Url: https://www.mend.io/vulnerability-database/CVE-2021-29063

Severity Score

7.5

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version mpmath - 1.3.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29063

Good to know:

Date: June 20, 2021

Language: Python

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?