Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-2mp6-9mjc-p6jg

Опубликовано: 09 нояб. 2022
Источник: github
Github: Не прошло ревью
CVSS3: 7.5

Описание

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Ссылки

EPSS

Процентиль: 25%
0.00081
Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-45061

Дефекты

CWE-400
CWE-407

Связанные уязвимости

ubuntu логотип

CVE-2022-45061

CVSS3: 7.5
ubuntu
почти 3 года назад

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

redhat логотип

CVE-2022-45061

CVSS3: 7.5
redhat
почти 3 года назад

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

nvd логотип

CVE-2022-45061

CVSS3: 7.5
nvd
почти 3 года назад

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

msrc логотип

CVE-2022-45061

CVSS3: 7.5
msrc
почти 3 года назад

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1 3.10.9 3.9.16 3.8.16 and 3.7.16.

debian логотип

CVE-2022-45061

CVSS3: 7.5
debian
почти 3 года назад

An issue was discovered in Python before 3.11.1. An unnecessary quadra ...

EPSS

Процентиль: 25%
0.00081
Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-45061

Дефекты

CWE-400
CWE-407