7.5

CVE-2021-28667

EPSS 0.67%
Veröffentlicht 18.03.2021 03:15:12
Zuletzt bearbeitet 21.11.2024 06:00:04
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Stackstorm ≫ Stackstorm Version < 3.4.1

Python ≫ Python Version < 3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.67%	0.705

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://stackstorm.com/2021/03/10/stackstorm-v3-4-1-security-fix/

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28667

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28667

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28667

EUVD