CVE-2021-20270 vulnerability in Red Hat and Other Products
Published on March 23, 2021

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Vendor Advisory NVD

Weakness Type

What is an Infinite Loop Vulnerability?

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.

CVE-2021-20270 has been classified to as an Infinite Loop vulnerability or weakness.

Products Associated with CVE-2021-20270

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-20270 are published in these products:

Red Hat Openshift Container Platform

Red Hat Software Collections

Fedora Project Fedora

Red Hat Enterprise Linux (RHEL)

Pygments

Red Hat Openstack Platform

Debian Linux

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.12%

Percentile

30.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-20270 vulnerability in Red Hat and Other ProductsPublished on March 23, 2021

Weakness Type

What is an Infinite Loop Vulnerability?

Products Associated with CVE-2021-20270

Exploit Probability

CVE-2021-20270 vulnerability in Red Hat and Other Products
Published on March 23, 2021