{"id":"PYSEC-2021-345","details":"The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\\x2f\\x7f), enabling a remote attack that consumes CPU and memory.","aliases":["CVE-2021-40839","GHSA-gh8j-2pgf-x458"],"modified":"2025-10-09T07:29:23.400797Z","published":"2021-09-10T02:15:00Z","references":[{"type":"WEB","url":"https://github.com/aresch/rencode/pull/29"},{"type":"PACKAGE","url":"https://pypi.org/project/rencode/#history"},{"type":"WEB","url":"https://seclists.org/fulldisclosure/2021/Sep/16"},{"type":"FIX","url":"https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-gh8j-2pgf-x458"}],"affected":[{"package":{"name":"rencode","ecosystem":"PyPI","purl":"pkg:pypi/rencode"},"ranges":[{"type":"GIT","repo":"https://github.com/aresch/rencode","events":[{"introduced":"0"},{"fixed":"572ff74586d9b1daab904c6f7f7009ce0143bb75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/rencode/PYSEC-2021-345.yaml"}}],"schema_version":"1.7.3"}