Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-03301

Опубликовано: 11 апр. 2024
Источник: fstec
CVSS3: 7
CVSS2: 6.6
EPSS Низкий

Описание

Уязвимость набора инструментов для Python dnspython связана с недостаточной проверки вводимых пользователем данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Вендор

Novell Inc.
Red Hat Inc.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
Fedora Project

Наименование ПО

SUSE Linux Enterprise Server for SAP Applications
OpenSUSE Leap
Suse Linux Enterprise Server
SUSE Linux Enterprise High Performance Computing
Red Hat Enterprise Linux
SUSE Linux Enterprise Module for Public Cloud
openSUSE Tumbleweed
Debian GNU/Linux
РЕД ОС
SUSE Manager Retail Branch Server
SUSE Manager Proxy
SUSE Manager Server
SUSE Enterprise Storage
SUSE Linux Enterprise Micro
Fedora
Suse Linux Enterprise Desktop
SUSE Linux Enterprise Module for Basesystem
Red Hat Ansible Automation Platform
Red Hat OpenShift Container Platform
SUSE Linux Enterprise Module for Package Hub
openSUSE Leap Micro
SUSE Liberty Linux
SUSE Linux Enterprise Module for Python 3
dnspython

Версия ПО

12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
15.5 (OpenSUSE Leap)
12 SP3 (Suse Linux Enterprise Server)
12 SP4 (Suse Linux Enterprise Server)
12 (SUSE Linux Enterprise High Performance Computing)
8 (Red Hat Enterprise Linux)
12 (SUSE Linux Enterprise Module for Public Cloud)
15 (SUSE Linux Enterprise Module for Public Cloud)
15 (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (Suse Linux Enterprise Server)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
12 (SUSE Linux Enterprise Server for SAP Applications)
- (openSUSE Tumbleweed)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
12 (Suse Linux Enterprise Server)
7.3 (РЕД ОС)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)
15 (Suse Linux Enterprise Server)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
9 (Red Hat Enterprise Linux)
15 SP2-LTSS (Suse Linux Enterprise Server)
4.3 (SUSE Manager Retail Branch Server)
4.3 (SUSE Manager Proxy)
4.3 (SUSE Manager Server)
7.1 (SUSE Enterprise Storage)
15 (SUSE Linux Enterprise High Performance Computing)
5.3 (SUSE Linux Enterprise Micro)
15 SP3-LTSS (Suse Linux Enterprise Server)
15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing)
38 (Fedora)
39 (Fedora)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
15 SP5 (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Module for Basesystem)
5.4 (SUSE Linux Enterprise Micro)
2 (Red Hat Ansible Automation Platform)
4.13 (Red Hat OpenShift Container Platform)
15 SP5 (SUSE Linux Enterprise Module for Package Hub)
5.5 (SUSE Linux Enterprise Micro)
5.5 (openSUSE Leap Micro)
9 (SUSE Liberty Linux)
8 (SUSE Liberty Linux)
15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing)
40 (Fedora)
15 SP4-LTSS (Suse Linux Enterprise Server)
4.15 (Red Hat OpenShift Container Platform)
15 SP6 (Suse Linux Enterprise Desktop)
15 SP6 (Suse Linux Enterprise Server)
15 SP6 (SUSE Linux Enterprise Server for SAP Applications)
15 SP6 (SUSE Linux Enterprise High Performance Computing)
15 SP6 (SUSE Linux Enterprise Module for Basesystem)
15 SP6 (SUSE Linux Enterprise Module for Package Hub)
15.6 (OpenSUSE Leap)
6.0 (SUSE Linux Enterprise Micro)
4.14 (Red Hat OpenShift Container Platform)
4.16 (Red Hat OpenShift Container Platform)
6.1 (SUSE Linux Enterprise Micro)
2.4 for RHEL 8 (Red Hat Ansible Automation Platform)
2.4 for RHEL 9 (Red Hat Ansible Automation Platform)
15 SP5 (SUSE Linux Enterprise Module for Python 3)
15 SP6 (SUSE Linux Enterprise Module for Python 3)
до 2.6.0 включительно (dnspython)

Тип ПО

Операционная система
Прикладное ПО информационных систем
Сетевое средство
Сетевое программное средство

Операционные системы и аппаратные платформы

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Novell Inc. OpenSUSE Leap 15.5
Novell Inc. Suse Linux Enterprise Server 12 SP3
Novell Inc. Suse Linux Enterprise Server 12 SP4
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12
Novell Inc. openSUSE Tumbleweed -
Сообщество свободного программного обеспечения Debian GNU/Linux 11
Сообщество свободного программного обеспечения Debian GNU/Linux 12
Novell Inc. Suse Linux Enterprise Server 12
ООО «Ред Софт» РЕД ОС 7.3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
Novell Inc. Suse Linux Enterprise Server 15
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Red Hat Inc. Red Hat Enterprise Linux 9
Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Fedora Project Fedora 38
Fedora Project Fedora 39
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
Novell Inc. openSUSE Leap Micro 5.5
Novell Inc. SUSE Liberty Linux 9
Novell Inc. SUSE Liberty Linux 8
Fedora Project Fedora 40
Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS
Novell Inc. Suse Linux Enterprise Desktop 15 SP6
Novell Inc. Suse Linux Enterprise Server 15 SP6
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6
Novell Inc. OpenSUSE Leap 15.6

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,6)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://github.com/rthalley/dnspython/releases/tag/v2.6.0
Для РедОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-python3-dns-cve-2023-29483/?sphrase_id=756875
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-29483
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2023-29483
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2023-29483.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 77%
0.01121
Низкий

7 High

CVSS3

6.6 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2023-29483

CVSS3: 7
ubuntu
около 1 года назад

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.

redhat логотип

CVE-2023-29483

CVSS3: 5.9
redhat
больше 1 года назад

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.

nvd логотип

CVE-2023-29483

CVSS3: 7
nvd
около 1 года назад

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.

debian логотип

CVE-2023-29483

CVSS3: 7
debian
около 1 года назад

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remo ...

suse-cvrf логотип

SUSE-SU-2024:3298-1

suse-cvrf
9 месяцев назад

Security update for python-dnspython

EPSS

Процентиль: 77%
0.01121
Низкий

7 High

CVSS3

6.6 Medium

CVSS2

Уязвимость BDU:2025-03301