Asymmetric denial of service - ReDoS in pypy3
Description
unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
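Where text has to be normalized before the package can be updated, a length check on combining-character runs in front of `unicodedata.normalize()` keeps the input away from the pattern the description names. The guard below is an added example, not code from this advisory or from the affected project: the names `longest_nonstarter_run` and `safe_normalize` are hypothetical, the limit of 30 is borrowed from the Stream-Safe Text Format in UAX #15, and the run is counted on the raw input, which simplifies that format.

```python
import unicodedata

# Limit borrowed from the Stream-Safe Text Format in UAX #15 (at most 30
# consecutive non-starters). Using it as a rejection threshold is this
# example's assumption, not something the advisory specifies.
MAX_NONSTARTER_RUN = 30


def longest_nonstarter_run(text: str) -> int:
    """Return the length of the longest run of characters whose
    Canonical Combining Class (CCC) is non-zero."""
    longest = current = 0
    for ch in text:
        if unicodedata.combining(ch):  # CCC lookup; 0 means a starter
            current += 1
            longest = max(longest, current)
        else:
            current = 0
    return longest


def safe_normalize(form: str, text: str,
                   max_run: int = MAX_NONSTARTER_RUN) -> str:
    """Normalize text only if no combining-character run exceeds max_run.

    The scan is a single linear pass, so the check itself stays cheap
    even on input that would be expensive to normalize.
    """
    run = longest_nonstarter_run(text)
    if run > max_run:
        raise ValueError(
            f"combining-character run of {run} exceeds limit {max_run}")
    return unicodedata.normalize(form, text)


if __name__ == "__main__":
    # Constructed sample inputs: ordinary decomposed text, then a run
    # one character over the limit.
    print(safe_normalize("NFC", "Ame\u0301lie"))
    try:
        safe_normalize("NFC", "a" + "\u0301" * (MAX_NONSTARTER_RUN + 1))
    except ValueError as exc:
        print("rejected:", exc)
```

Legitimate text rarely stacks more than a few combining marks on one base character, so rejected input is also worth logging as a signal.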
Ecosystem | Package | Affected version |
|---|---|---|
debian 11 | =7.3.10+dfsg-1 || =7.3.10~rc3+dfsg-1 || =7.3.10~rc3+dfsg-2 || =7.3.11+dfsg-1 || =7.3.11+dfsg-2 || =7.3.12+dfsg-1 || =7.3.12~rc1+dfsg-1 || =7.3.12~rc2+dfsg-1 || =7.3.13+dfsg-1 || =7.3.14+dfsg-1 || =7.3.15+dfsg-1 || =7.3.16+dfsg-1 || =7.3.16+dfsg-2 || =7.3.17+dfsg-1 || =7.3.17+dfsg-2 || =7.3.17+dfsg-3 || =7.3.18+dfsg-1 || =7.3.18+dfsg-2 || =7.3.19+dfsg-1 || =7.3.19+dfsg-2 || =7.3.20+dfsg-1 || =7.3.20+dfsg-2 || =7.3.20+dfsg-3 || =7.3.20+dfsg-4 || =7.3.21+dfsg-1 || =7.3.21+dfsg-2 || =7.3.21+dfsg-3 || =7.3.21+dfsg-4 || =7.3.22+dfsg-1 || =7.3.23+dfsg-1 || =7.3.5+dfsg-2 || =7.3.5+dfsg-2+deb11u1 || =7.3.5+dfsg-2+deb11u2 || =7.3.5+dfsg-2+deb11u3 || =7.3.5+dfsg-2+deb11u4 || =7.3.5+dfsg-2+deb11u5 || =7.3.6+dfsg-1 || =7.3.6~rc2+dfsg-1 || =7.3.6~rc2+dfsg-2 || =7.3.7+dfsg-1 || =7.3.7+dfsg-2 || =7.3.7+dfsg-3 || =7.3.7+dfsg-4 || =7.3.7+dfsg-5 || =7.3.8+dfsg-1 || =7.3.8+dfsg-2 || =7.3.8~rc1+dfsg-1 || =7.3.8~rc1+dfsg-2 || =7.3.9+dfsg-1 || =7.3.9+dfsg-2 || =7.3.9+dfsg-3 || =7.3.9+dfsg-4 || =7.3.9+dfsg-5 | |
debian 12 | =7.3.11+dfsg-2 || =7.3.11+dfsg-2+deb12u1 || =7.3.11+dfsg-2+deb12u2 || =7.3.11+dfsg-2+deb12u3 || =7.3.12+dfsg-1 || =7.3.12~rc1+dfsg-1 || =7.3.12~rc2+dfsg-1 || =7.3.13+dfsg-1 || =7.3.14+dfsg-1 || =7.3.15+dfsg-1 || =7.3.16+dfsg-1 || =7.3.16+dfsg-2 || =7.3.17+dfsg-1 || =7.3.17+dfsg-2 || =7.3.17+dfsg-3 || =7.3.18+dfsg-1 || =7.3.18+dfsg-2 || =7.3.19+dfsg-1 || =7.3.19+dfsg-2 || =7.3.20+dfsg-1 || =7.3.20+dfsg-2 || =7.3.20+dfsg-3 || =7.3.20+dfsg-4 || =7.3.21+dfsg-1 || =7.3.21+dfsg-2 || =7.3.21+dfsg-3 || =7.3.21+dfsg-4 || =7.3.22+dfsg-1 || =7.3.23+dfsg-1 | |
debian 13 | =7.3.19+dfsg-2 || =7.3.20+dfsg-1 || =7.3.20+dfsg-2 || =7.3.20+dfsg-3 || =7.3.20+dfsg-4 || =7.3.21+dfsg-1 || =7.3.21+dfsg-2 || =7.3.21+dfsg-3 || =7.3.21+dfsg-4 || =7.3.22+dfsg-1 || =7.3.23+dfsg-1 | |
debian 14 | =7.3.19+dfsg-2 || =7.3.20+dfsg-1 || =7.3.20+dfsg-2 || =7.3.20+dfsg-3 || =7.3.20+dfsg-4 || =7.3.21+dfsg-1 || =7.3.21+dfsg-2 || =7.3.21+dfsg-3 || =7.3.21+dfsg-4 || =7.3.22+dfsg-1 || =7.3.23+dfsg-1 | |
debian 11 | =2.7.18-10 || =2.7.18-11 || =2.7.18-12 || =2.7.18-13 || =2.7.18-13.1 || =2.7.18-13.1~exp1 || =2.7.18-13.2 || =2.7.18-8 || =2.7.18-8+deb11u1 || =2.7.18-9 | |
debian 12 | =3.11.2-6 || =3.11.2-6+deb12u1 || =3.11.2-6+deb12u2 || =3.11.2-6+deb12u3 || =3.11.2-6+deb12u4 || =3.11.2-6+deb12u5 || =3.11.2-6+deb12u6 || =3.11.2-6+deb12u7 || =3.11.2-6+deb12u8 || =3.11.3-1 || =3.11.3-2 || =3.11.4-1 || =3.11.5-1 || =3.11.5-2 || =3.11.5-3 || =3.11.6-1 || =3.11.6-2 || =3.11.6-3 || =3.11.6-3~hurd.2 || =3.11.7-1 || =3.11.7-2 || =3.11.8-1 || =3.11.8-1.1~exp1 || =3.11.8-1.1~exp2 || =3.11.8-2 || =3.11.8-3 || =3.11.8-3+hurd.1 || =3.11.9-1 | |
debian 13 | =3.13.11-1 || =3.13.12-1 || =3.13.5-2 || =3.13.5-2+deb13u1 || =3.13.5-2+deb13u2 || =3.13.6-1 || =3.13.7-1 || =3.13.8-1 || =3.13.9-1 | |
debian 14 | =3.13.11-1 || =3.13.12-1 || =3.13.5-2 || =3.13.6-1 || =3.13.7-1 || =3.13.8-1 || =3.13.9-1 | |
debian 14 | =3.14.0-1 || =3.14.0-2 || =3.14.0-3 || =3.14.0-4 || =3.14.0-5 || =3.14.0~a7-1 || =3.14.0~b1-1 || =3.14.0~b2-1 || =3.14.0~b3-1 || =3.14.0~b4-1 || =3.14.0~rc1-1 || =3.14.0~rc2-1 || =3.14.0~rc3-1 || =3.14.2-1 || =3.14.3-1 || =3.14.3-2 || =3.14.3-3 || =3.14.3-4 || =3.14.3-5 || =3.14.4-1 || =3.14.4-2 || =3.14.5-1 || =3.14.5~rc1-1 | |
debian 11 | =3.9.10-1 || =3.9.10-2 || =3.9.11-1 || =3.9.12-1 || =3.9.13-1 || =3.9.2-1 || =3.9.2-1+deb11u1 || =3.9.2-1+deb11u2 || =3.9.2-1+deb11u3 || =3.9.2-1+deb11u4 || =3.9.2-1+deb11u5 || =3.9.2-1+deb11u6 || =3.9.2-1+deb11u7 || =3.9.3-1 || =3.9.3-2 || =3.9.4-1 || =3.9.5-1 || =3.9.5-2 || =3.9.5-3 || =3.9.6-1 || =3.9.7-1 || =3.9.7-2 || =3.9.7-4 || =3.9.8-1 || =3.9.8-2 || =3.9.9-1 || =3.9.9-2 || =3.9.9-3 || =3.9.9-4 |