CVE-2024-12720

ADVISORY - github

Summary

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3.

EPSS Score⁠: 0.00107 (0.297)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

6 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-12720⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1333⁠

CVSS SCORE

7.5high

GitHub

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY IDGHSA-6rvg-6v2m-4j46⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1333⁠

CVSS SCORE

5.3medium

GitLab

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY ID

CVE-2024-12720

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-1333⁠CWE-937⁠

CVSS SCORE

5.3medium

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY ID

CGA-f2g7-x7m9-rr5v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2024-12720

Summary

Common Weakness Enumeration (CWE)

CWE-1333⁠

CWE-1333⁠

CWE-1035⁠

CWE-1333⁠

CWE-937⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

GitLab

CVSS SCORE

Chainguard