Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-8492

Опубликовано: 30 янв. 2020
Источник: debian

Описание

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.8fixed3.8.3~rc1-1package
python3.7removedpackage
python3.7fixed3.7.3-2+deb10u2busterpackage
python3.5removedpackage
python3.4removedpackage
python3.4postponedjessiepackage
python2.7fixed2.7.18-2package
python2.7no-dsajessiepackage

Примечания

  • https://bugs.python.org/issue39503

  • https://github.com/python/cpython/pull/18284

  • https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html

  • https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 (master)

  • https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41 (3.8-branch)

  • https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7-branch)

  • https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6-branch)

Связанные уязвимости

ubuntu логотип

CVE-2020-8492

CVSS3: 6.5
ubuntu
больше 5 лет назад

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

redhat логотип

CVE-2020-8492

CVSS3: 6.5
redhat
больше 5 лет назад

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

nvd логотип

CVE-2020-8492

CVSS3: 6.5
nvd
больше 5 лет назад

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

suse-cvrf логотип

SUSE-SU-2020:14306-1

suse-cvrf
больше 5 лет назад

Security update for python

github логотип

GHSA-wh3w-rqc7-4mpf

CVSS3: 6.5
github
около 3 лет назад

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.