CVE-2022-36087

Published: 09/09/2022 | Updated: 07/11/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing a malicious redirect URI can cause a denial of service. An attacker can also leverage usage of the `uri_validate` functions, depending on where they are used. Applications that use OAuthLib's OAuth2.0 provider support, or that call `uri_validate` directly, are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

Vulnerable Product

oauthlib project oauthlib

fedoraproject fedora 37

Vendor Advisories

Synopsis: Moderate: fence-agents security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for fence-agents is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this ...
Debian Bug report logs - #1019710: python-oauthlib: CVE-2022-36087: DoS when attacker provide malicious IPV6 URI. Package: src:python-oauthlib; Maintainer for src:python-oauthlib is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 13 Sep 2022 20:18:01 ...
Description: A flaw was found in python-oauthlib. This flaw allows an attacker providing a malicious redirect URI to cause a denial of service to OAuthLib's web application.