CVE-2013-1753

Опубликовано: 11 мар. 2020

Источник: debian

EPSS Низкий

Описание

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python2.5	removed			package
python2.6	removed			package
python2.7	fixed	2.7.9-1		package
python3.1	removed			package
python3.2	removed			package
python3.3	removed			package
python3.4	fixed	3.4.2-4		package
python3.4	postponed		jessie	package
python2.5	no-dsa		squeeze	package
python2.6	no-dsa		squeeze	package
python2.6	no-dsa		wheezy	package
python2.7	no-dsa		wheezy	package
python3.1	no-dsa		squeeze	package
python3.2	no-dsa		wheezy	package

Примечания

http://bugs.python.org/issue16043
https://github.com/python/cpython/commit/eca72d47f5a639a0ac66a98a2d63b30df2ce310f (3.4)

EPSS

Процентиль: 68%

0.00594

Низкий

Связанные уязвимости

CVE-2013-1753

CVSS3: 7.5

ubuntu

больше 5 лет назад

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

CVE-2013-1753

redhat

больше 12 лет назад

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

CVE-2013-1753

CVSS3: 7.5

nvd

больше 5 лет назад

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

GHSA-rg2r-27jq-959f

github

около 3 лет назад

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

SUSE-SU-2015:1344-1

suse-cvrf

почти 10 лет назад

Security update for python

EPSS

Процентиль: 68%

0.00594

Низкий