CVE-2021-20270

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2021-20270
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2021-03-23 17:15:00 UTC
Updated2021-12-10 17:04:00 UTC
DescriptionAn infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Risk And Classification

Problem Types: CWE-835

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Fedoraproject Fedora 33 All All All
Application Pygments Pygments All All All All
Operating System Redhat Enterprise Linux 7.0 All All All
Operating System Redhat Enterprise Linux 8.0 All All All
Application Redhat Openshift Container Platform 3.11 All All All
Application Redhat Openshift Container Platform 4.0 All All All
Application Redhat Openstack Platform 10.0 All All All
Application Redhat Software Collections - All All All

References

ReferenceSourceLinkTags
1922136 – (CVE-2021-20270) CVE-2021-20270 python-pygments: infinite loop in SML lexer may lead to DoS MISC bugzilla.redhat.com
[SECURITY] [DLA 2648-1] mediawiki security update MLIST lists.debian.org
Oracle Critical Patch Update Advisory - October 2021 MISC www.oracle.com
[SECURITY] [DLA 2648-2] mediawiki regression update MLIST lists.debian.org
Debian -- Security Information -- DSA-4889-1 mediawiki DEBIAN www.debian.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159462 Oracle Enterprise Linux Security Update for python36:3.6 (ELSA-2021-4150)
  • 159463 Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2021-4151)
  • 159560 Oracle Enterprise Linux Security Update for resource-agents (ELSA-2021-9553)
  • 174980 SUSE Enterprise Linux Security Update for python-Pygments (SUSE-SU-2021:1500-1)
  • 178484 Debian Security Update for pygments (DSA 4870-1)
  • 178531 Debian Security Update for mediawiki (DSA 4889-1)
  • 178584 Debian Security Update for mediawiki (DLA 2648-2)
  • 178613 Debian Security Update for mediawiki (DLA 2648-1)
  • 179740 Debian Security Update for pygmentsmediawiki (CVE-2021-20270)
  • 198305 Ubuntu Security Notification for Pygments Vulnerability (USN-4885-1)
  • 199654 Ubuntu Security Notification for Pygments Vulnerabilities (USN-4897-2)
  • 239582 Red Hat Update for python27 (RHSA-2021:3252)
  • 239798 Red Hat Update for resource-agents security (RHSA-2021:4139)
  • 239809 Red Hat Update for python36:3.6 (RHSA-2021:4150)
  • 239826 Red Hat Update for python27:2.7 (RHSA-2021:4151)
  • 296053 Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)
  • 501770 Alpine Linux Security Update for py3-pygments
  • 504333 Alpine Linux Security Update for py3-pygments
  • 670337 EulerOS Security Update for python-pygments (EulerOS-SA-2021-1887)
  • 670435 EulerOS Security Update for python-pygments (EulerOS-SA-2021-2065)
  • 670446 EulerOS Security Update for python-pygments (EulerOS-SA-2021-2054)
  • 670683 EulerOS Security Update for python-pygments (EulerOS-SA-2021-2441)
  • 751253 SUSE Enterprise Linux Security Update for python-Pygments (SUSE-SU-2021:3473-1)
  • 751295 OpenSUSE Security Update for python-Pygments (openSUSE-SU-2021:1402-1)
  • 900162 CBL-Mariner Linux Security Update for python-pygments 2.4.2
  • 901183 Common Base Linux Mariner (CBL-Mariner) Security Update for python-pygments (6811-1)
  • 903020 Common Base Linux Mariner (CBL-Mariner) Security Update for python-pygments (3995)
  • 940186 AlmaLinux Security Update for resource-agents (ALSA-2021:4139)
  • 940522 AlmaLinux Security Update for python27:2.7 (ALSA-2021:4151)
  • 940566 AlmaLinux Security Update for python36:3.6 (ALSA-2021:4150)
  • 960320 Rocky Linux Security Update for python27:2.7 (RLSA-2021:4151)
  • 960392 Rocky Linux Security Update for python36:3.6 (RLSA-2021:4150)
  • 960815 Rocky Linux Security Update for resource-agents (RLSA-2021:4139)
  • 980347 Python (pip) Security Update for Pygments (GHSA-9w8r-397f-prfh)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report