CVE-2021-40839

HIGH

rencode < 1.0.6 - Denial of Service via Malformed Typecode Decoding

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-40839. PoCs published by itlabbet.

AI-analyzed exploit summary This is a working exploit for CVE-2021-40839, a Dirty Cow vulnerability variant. It leverages a race condition in the Linux kernel's memory handling to overwrite the /etc/passwd file, adding a new user with root privileges.

Description

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.

Exploits (1)

nomisec WORKING POC 1 stars
by itlabbet · poc
https://github.com/itlabbet/CVE-2021-40839

This is a working exploit for CVE-2021-40839, a Dirty Cow vulnerability variant. It leverages a race condition in the Linux kernel's memory handling to overwrite the /etc/passwd file, adding a new user with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: Linux Kernel (specific versions affected by Dirty Cow)
No auth needed
Prerequisites: Local access to the target system · Compilation environment for C code
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/aresch/rencode/pull/29
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2021/Sep/16
Third Party Advisory x_refsource_misc
https://pypi.org/project/rencode/#history
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20211008-0001/

Scores

CVSS v3 7.5
EPSS 0.1729
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-835
Status published
Products (4)
fedoraproject/fedora 34
fedoraproject/fedora 35
pypi/rencode 0PyPI
rencode_project/rencode < 1.0.6
Published Sep 10, 2021
Tracked Since Feb 18, 2026