How severe is CVE-2021-21236?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-21236?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2021-21236

MEDIUM Year: 2021

CVSS v3 Score

5.5

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-400

View all →

Vulnerability Description

CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1. See Referenced GitHub advisory for more information.

CVE-2006-5648

MEDIUM

CVSS:5.5(Medium)

Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create proc...

CWE-4002006

CVE-2006-5649

MEDIUM

CVSS:5.5(Medium)

Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspec...

CWE-4002006

CVE-2009-3621

MEDIUM

CVSS:5.5(Medium)

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutd...

CWE-4002009

CVE-2011-1474

MEDIUM

CVSS:5.5(Medium)

A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topd...

CWE-4002011

CVE-2011-2906

MEDIUM

CVSS:5.5(Medium)

Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or ...

CWE-4002011

CVE-2011-2918

MEDIUM

CVSS:5.5(Medium)

The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of s...

CWE-4002011

CVE-2021-21236

Vulnerability Description

Related Vulnerabilities

CVE-2006-5648

CVE-2006-5649

CVE-2009-3621

CVE-2011-1474

CVE-2011-2906

CVE-2011-2918