Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-21419

Опубликовано: 07 мая 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 5.3

Описание

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

released

0.30.0-0ubuntu2
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

code not present
esm-infra/focal

released

0.25.1-2ubuntu1.1
esm-infra/xenial

not-affected

code not present
focal

released

0.25.1-2ubuntu1.1
groovy

released

0.26.1-0ubuntu1.1
hirsute

released

0.30.0-0ubuntu1.1
impish

released

0.30.0-0ubuntu2

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%
0.0013
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-21419

CVSS3: 5.3
redhat
почти 5 лет назад

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

nvd логотип

CVE-2021-21419

CVSS3: 5.3
nvd
больше 4 лет назад

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

debian логотип

CVE-2021-21419

CVSS3: 5.3
debian
больше 4 лет назад

Eventlet is a concurrent networking library for Python. A websocket pe ...

github логотип

GHSA-9p9m-jm8w-94p2

CVSS3: 5.3
github
больше 4 лет назад

Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

fstec логотип

BDU:2021-04421

CVSS3: 5.3
fstec
больше 4 лет назад

Уязвимость сетевой библиотеки Eventlet программного обеспечения Python, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю выполнить отказ в обслуживании

EPSS

Процентиль: 33%
0.0013
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3