
CVE-2024-7592

Published: 19 Aug 2024
Source: debian
EPSS: Low

Description

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

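Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python3.13 | fixed | 3.13.0~rc2-1 | | package |
| python3.12 | fixed | 3.12.6-1 | | package |
| python3.11 | removed | | | package |
| python3.11 | fixed | 3.11.2-6+deb12u5 | bookworm | package |
| python3.9 | removed | | | package |
| pypy3 | fixed | 7.3.18+dfsg-1 | | package |
| pypy3 | no-dsa | | bookworm | package |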

Notes

  • https://github.com/python/cpython/pull/123075

  • https://github.com/python/cpython/issues/123067

  • https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621 (v3.13.0rc2)

  • https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1 (v3.12.6)

  • https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f (v3.11.10)

  • https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a (v3.10.15)

  • https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774 (v3.9.20)

  • https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/

EPSS

Percentile: 59%
0.00387
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 1 year ago

CVSS3: 4.8
redhat
about 1 year ago

CVSS3: 7.5
nvd
about 1 year ago

CVSS3: 7.5
msrc
about 1 year ago

No description available

CVSS3: 7.5
redos
about 1 year ago

python3.12 vulnerability
