Candidate: CVE-2021-3828
PublicDate: 2021-09-27 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3828
 https://github.com/nltk/nltk/pull/2816
 https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32
Description:
 nltk is vulnerable to Inefficient Regular Expression Complexity
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995226
Priority: medium
Discovered-by:
Assigned-to: sespiros
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_nltk:
 upstream: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
upstream_nltk: released (3.6.5)
trusty_nltk: ignored (out of standard support)
trusty/esm_nltk: DNE
xenial_nltk: ignored (out of standard support)
bionic_nltk: needed
focal_nltk: needed
hirsute_nltk: ignored (reached end-of-life)
impish_nltk: needed
jammy_nltk: released (3.6.5-1)
devel_nltk: released (3.6.5-1)