CVE-2021-32837 — Vulnetix

CVE-2021-32837 PUBLISHED

mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.

EPSS 1.94% · 83.8th percentile

Risk Scores

EPSS Score

1.94%

83.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	python-mechanize	0, 1:0.2.5-3, 1:0.4.3-2
Ubuntu:18.04:LTS	python-mechanize	0, 1:0.2.5-3
Ubuntu:16.04:LTS	python-mechanize	0, 1:0.2.5-3

Exploit Intelligence

Timeline

Jan 17, 2023 CVE Published
Jan 18, 2023 EPSS Score
Feb 28, 2023 EPSS Score
Apr 9, 2023 EPSS Score
May 20, 2023 EPSS Score
Aug 9, 2023 EPSS Score
Sep 19, 2023 EPSS Score
Oct 29, 2023 EPSS Score
Jan 19, 2024 EPSS Score
Feb 28, 2024 EPSS Score
May 19, 2024 EPSS Score
Jun 29, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2021-32837 third-party-advisory
https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize/ third-party-advisory
https://github.com/python-mechanize/mechanize/blob/3acb1836f3fd8edc5a758a417dd46b53832ae3b5/mechanize/_urllib2_fork.py#L878-L879 third-party-advisory
https://github.com/python-mechanize/mechanize/releases/tag/v0.4.6 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-32837 third-party-advisory

Open in Interactive Console →