Alma Linux: CVE-2022-45061: Moderate: python3 security update (Multiple Advisories)
Severity | CVSS v2 vector | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2022-11-09 | 2023-02-22 | 2025-01-28 |
Description
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
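The description above explains the mechanism (a quadratic code path in the IDNA decoder reached through an oversized label) and the realistic delivery vector (a hostname in the Location header of a 302 response). The following is an added example, not code from AlmaLinux, CPython or this advisory. It shows two things a practitioner wants on a host that may still run an unpatched interpreter: a version check against the fixed releases the description lists, and a pre-decode length check that rejects any label or name exceeding the DNS wire limits (63 octets per label, 253 per name, from RFC 1035; a stricter bound than the per-label cap upstream adopted, chosen here as an assumption because DNS-invalid names are useless anyway) before `.decode("idna")` is ever called. The hostnames and the Location header values are constructed test data.

```python
"""Pre-decode length checks for IDNA hostnames (CVE-2022-45061).

Added example for this advisory; not code from AlmaLinux or CPython.
All hostnames and Location header values below are constructed test data.
"""
import sys
from urllib.parse import urlsplit

# First patched micro release per minor series, as listed in the advisory text.
FIXED_MICRO = {(3, 7): 16, (3, 8): 16, (3, 9): 16, (3, 10): 9, (3, 11): 1}

# RFC 1035 wire limits: 63 octets per label, 253 octets for the whole name.
# Assumption: we want DNS-valid names, so this is deliberately stricter than
# the upstream per-label cap. Either bound keeps huge labels off the slow path.
MAX_LABEL_OCTETS = 63
MAX_NAME_OCTETS = 253


def interpreter_is_fixed(version_info=sys.version_info):
    """True if this interpreter's version contains the upstream fix."""
    major, minor, micro = version_info[:3]
    if major != 3 or minor < 7:
        return False  # 2.x and 3.6-or-older are end-of-life and never got the fix
    if minor > 11:
        return True   # 3.12 and later branched after the fix landed
    return micro >= FIXED_MICRO[(major, minor)]


def check_hostname_length(host):
    """Raise ValueError if the ASCII/ACE form exceeds DNS length limits.

    This runs on the raw bytes *before* any IDNA decoding, so an oversized
    label never reaches the decoder's quadratic path at all.
    """
    if len(host) > MAX_NAME_OCTETS:
        raise ValueError("hostname longer than %d octets" % MAX_NAME_OCTETS)
    for label in host.split(b"."):
        if len(label) > MAX_LABEL_OCTETS:
            raise ValueError("label longer than %d octets" % MAX_LABEL_OCTETS)
    return host


def safe_idna_decode(host):
    """Decode an ACE hostname to Unicode only after the length check passes."""
    if isinstance(host, str):
        host = host.encode("ascii")  # a hostname taken from a header must be ASCII
    host = check_hostname_length(host.rstrip(b"."))
    return host.decode("idna")


def redirect_hostname(location_header):
    """Extract and validate the host from a 302 Location header value.

    Returns the decoded hostname, or None if it is absent or rejected. A
    client that follows redirects should refuse to resolve a None result.
    """
    hostname = urlsplit(location_header).hostname
    if not hostname:
        return None
    try:
        return safe_idna_decode(hostname)
    except (ValueError, UnicodeError):
        return None


# Constructed sample inputs (not captured traffic).
LEGIT_REDIRECT = "https://xn--bcher-kva.example/login"          # decodes to bücher.example
CRAFTED_REDIRECT = "http://xn--" + "a" * 100_000 + ".example/"  # one oversized ACE label


if __name__ == "__main__":
    print("interpreter fixed:", interpreter_is_fixed())
    print("legit redirect  ->", redirect_hostname(LEGIT_REDIRECT))
    print("crafted redirect ->", redirect_hostname(CRAFTED_REDIRECT))
```

The crafted value is rejected by `check_hostname_length` without the decoder being invoked, which is the property that matters on an unpatched interpreter; on a patched one the same wrapper still applies and simply adds a DNS-validity check in front of the decoder.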
Solution(s)
Apply the python3 security update for the affected AlmaLinux 8 or 9 release, as published in the AlmaLinux advisories listed under References.
References
- CVE-2022-45061
- https://attackerkb.com/topics/CVE-2022-45061
- https://errata.almalinux.org/8/ALSA-2023-0833.html
- https://errata.almalinux.org/8/ALSA-2023-2763.html
- https://errata.almalinux.org/8/ALSA-2023-2764.html
- https://errata.almalinux.org/8/ALSA-2023-2860.html
- https://errata.almalinux.org/9/ALSA-2023-0953.html