cve/2021/CVE-2021-21240.md

### [CVE-2021-21240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21240)
![](https://img.shields.io/static/v1?label=Product&message=httplib2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)

### Description

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ANTONYOH/midterm_trivy
- https://github.com/McLaouth/trivi
- https://github.com/aquasecurity/trivy
- https://github.com/candrapw/trivy
- https://github.com/doyensec/regexploit
- https://github.com/fhirfactory/pegacorn-scanner-trivy
- https://github.com/georgearce24/aquasecurity-trivy
- https://github.com/immydestiny/trivy-file
- https://github.com/justPray/1122
- https://github.com/kaisenlinux/trivy
- https://github.com/khulnasoft-lab/vulx
- https://github.com/krishna-commits/trivy
- https://github.com/krishna-commits/trivy-test
- https://github.com/rafavinnce/trivy_0.27.1
- https://github.com/renovate-bot/khulnasoft-lab-_-vulx
- https://github.com/retr0-13/regexploit
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-21240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21240)`
			`![](https://img.shields.io/static/v1?label=Product&message=httplib2&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)`

			`### Description`

			`httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ANTONYOH/midterm_trivy`
			`- https://github.com/McLaouth/trivi`
			`- https://github.com/aquasecurity/trivy`
			`- https://github.com/candrapw/trivy`
			`- https://github.com/doyensec/regexploit`
			`- https://github.com/fhirfactory/pegacorn-scanner-trivy`
			`- https://github.com/georgearce24/aquasecurity-trivy`
			`- https://github.com/immydestiny/trivy-file`
			`- https://github.com/justPray/1122`
			`- https://github.com/kaisenlinux/trivy`
			`- https://github.com/khulnasoft-lab/vulx`
			`- https://github.com/krishna-commits/trivy`
			`- https://github.com/krishna-commits/trivy-test`
			`- https://github.com/rafavinnce/trivy_0.27.1`
			`- https://github.com/renovate-bot/khulnasoft-lab-_-vulx`
			`- https://github.com/retr0-13/regexploit`