Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-45061

Published: 09/11/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Python

Vulnerability Summary

An issue exists in Python prior to 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python python 3.11.0

python python

fedoraproject fedora 35

fedoraproject fedora 36

fedoraproject fedora 37

netapp element software -

netapp ontap select deploy administration utility -

netapp hci -

netapp active iq unified manager -

netapp e-series performance analyzer -

netapp management services for element software -

netapp bootstrap_os -

Vendor Advisories

Ubuntu Security Notice: USN-5767-1: Python vulnerabilities
Several security issues were fixed in Python ...
Ubuntu Security Notice: USN-5767-2: Python vulnerability
Python could be made to denial of service if it received a specially crafted IDNA input ...
Amazon Linux AMI: ALAS-2023-1713
An issue was discovered in Python before 3111 An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service Hostnames are often supplied by remote servers that could be controlled b ...
Amazon Linux AMI: ALAS-2023-1714
An issue was discovered in Python before 3111 An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service Hostnames are often supplied by remote servers that could be controlled b ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: An issue was discovered in Python before 3111 An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service Hostnames ar ...
Amazon Linux 2: ALASPYTHON3.8-2023-002
An issue was discovered in Python before 3111 An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service Hostnames are often supplied by remote servers that could be controlled b ...
Amazon Linux 2: ALAS2-2023-1917
An issue was discovered in Python before 3111 An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service Hostnames are often supplied by remote servers that could be controlled b ...
Amazon Linux 2: ALAS2-2023-1980
An issue was discovered in Python before 3111 An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service Hostnames are often supplied by remote servers that could be controlled b ...
Red Hat: Moderate: python3 security update
Synopsis Moderate: python3 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for python3 is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rated ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 265 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 265 GeneralAvailability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a ...
Red Hat: Moderate: Red Hat OpenShift Service Mesh Containers for 2.3.2 security update
Synopsis Moderate: Red Hat OpenShift Service Mesh Containers for 232 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Service Mesh Containers for 232Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes
Synopsis Moderate: Multicluster Engine for Kubernetes 216 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Multicluster Engine for Kubernetes 216 General Availability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.7 Bug Fix and security update
Synopsis Important: Red Hat OpenShift Data Foundation 4117 Bug Fix and security update Type/Severity Security Advisory: Important Topic Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4117 on Red Hat Enterprise Linux 8 from Red Hat Container RegistryRed Hat Product Security has rated this upda ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.5.8 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 258 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 258 GeneralAvailability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a ...
Red Hat: Moderate: Logging Subsystem 5.5.8 - Red Hat OpenShift
Synopsis Moderate: Logging Subsystem 558 - Red Hat OpenShift Type/Severity Security Advisory: Moderate Topic Logging Subsystem 558 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is av ...
Red Hat: Important: Self Node Remediation Operator 0.5.1 security update
Synopsis Important: Self Node Remediation Operator 051 security update Type/Severity Security Advisory: Important Topic This is an updated version of the Self Node Remediation Operator This Operator is delivered by Red Hat Workload AvailabilityRed Hat Product Security has rated this update as having a security impact of Important A Commo ...
Red Hat: Important: Red Hat OpenShift Data Foundation 4.12.1 security bug fix update
Synopsis Important: Red Hat OpenShift Data Foundation 4121 security bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Data Foundation 4121 Bug Fix UpdateRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which giv ...
Red Hat: Moderate: Logging Subsystem 5.4.12 - Red Hat OpenShift
Synopsis Moderate: Logging Subsystem 5412 - Red Hat OpenShift Type/Severity Security Advisory: Moderate Topic Logging Subsystem 5412 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...
Red Hat: Moderate: Logging Subsystem 5.6.3 - Red Hat OpenShift
Synopsis Moderate: Logging Subsystem 563 - Red Hat OpenShift Type/Severity Security Advisory: Moderate Topic Logging Subsystem 563 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is av ...
Red Hat: Moderate: python38:3.8 and python38-devel:3.8 security update
概述 Moderate: python38:38 and python38-devel:38 security update 类型/严重性 Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems 标题 An update for the python38:38 and python38-devel:38 modules is now available for Red Hat Enterprise ...
Red Hat: Moderate: python39:3.9 and python39-devel:3.9 security update
Synopsis Moderate: python39:39 and python39-devel:39 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the python39:39 and python39-devel:39 modules is now available for Red Hat Enterprise L ...
Red Hat: Moderate: Red Hat OpenShift GitOps security update
Synopsis Moderate: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift GitOps 17Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Red Hat: Moderate: Red Hat OpenShift GitOps security update
Synopsis Moderate: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift GitOps 16Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Red Hat: Moderate: python27:2.7 security update
Synopsis Moderate: python27:27 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the python27:27 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this ...
Red Hat: Moderate: python3 security update
Synopsis Moderate: python3 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for python3 is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...
Red Hat: Moderate: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update
Synopsis Moderate: Red Hat OpenShift Data Foundation 4122 Bug Fix and security update Type/Severity Security Advisory: Moderate Topic Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4122 on Red Hat Enterprise Linux 8 from Red Hat Container RegistryRed Hat Product Security has rated this update ...
Red Hat: Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
Synopsis Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9Red Hat ...
Amazon Linux 2022: ALAS2022-2023-273
Python 39x before 3916 and 310x before 3109 on Linux allows local privilege escalation in a non-default configuration The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means ...
Amazon Linux 2022: ALAS2022-2023-274
Python 39x before 3916 and 310x before 3109 on Linux allows local privilege escalation in a non-default configuration The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-407https://github.com/python/cpython/issues/98433https://security.netapp.com/advisory/ntap-20221209-0007/https://security.gentoo.org/glsa/202305-02https://lists.debian.org/debian-lts-announce/2023/05/msg00024.htmlhttps://lists.debian.org/debian-lts-announce/2023/06/msg00039.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5767-1https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11https://ubuntu.com/security/notices/USN-5767-2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook