what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2020-8492

Status Candidate

Overview

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Related Files

Ubuntu Security Notice USN-5200-1
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5200-1 - It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. Various other issues were also addressed.

tags | advisory, web, denial of service, python
systems | linux, ubuntu
advisories | CVE-2020-8492, CVE-2021-3733, CVE-2021-3737
SHA-256 | 729bc78597e4fd0f17e876cb9c891d709d4ad254691f0fa2f4c7241f79beb5f0
Red Hat Security Advisory 2021-2021-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2021-01 - Red Hat OpenShift Serverless 1.10.2 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000858, CVE-2018-20843, CVE-2019-13050, CVE-2019-13627, CVE-2019-14889, CVE-2019-15903, CVE-2019-16168, CVE-2019-16935, CVE-2019-19221, CVE-2019-19906, CVE-2019-19956, CVE-2019-20218, CVE-2019-20387, CVE-2019-20388, CVE-2019-20454, CVE-2019-20907, CVE-2019-20916, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-14422, CVE-2020-1730, CVE-2020-6405, CVE-2020-7595, CVE-2020-8492, CVE-2020-9327
SHA-256 | cea1cf00dcdae1e8f10b304383784974afe87eafeed9543bfd8952847505e233
Ubuntu Security Notice USN-4754-3
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service via a ZIP bomb. It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-26116, CVE-2020-27619, CVE-2020-8492
SHA-256 | 6c0e7ce6beab30b21a9bdb915fb21f53cfb96f785e275b6012bfe9f6b58e015f
Red Hat Security Advisory 2020-4641-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4641-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2019-20477, CVE-2019-20907, CVE-2020-14422, CVE-2020-1747, CVE-2020-8492
SHA-256 | a3b9d3f381fe93a0458a4aaa821edd82cf184a7630b5e018598aeb2ff91c6a48
Red Hat Security Advisory 2020-4433-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4433-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492
SHA-256 | 1498a4aee277b3c9fde3c1831259e295f4b1e16184d83007dc61a6c62171971f
Red Hat Security Advisory 2020-4285-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4285-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include crlf injection, cross site scripting, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2019-16935, CVE-2019-18348, CVE-2019-20907, CVE-2019-20916, CVE-2020-14422, CVE-2020-26116, CVE-2020-8492
SHA-256 | d7804d0647bbe8e101a6c74b08111f835bcece37011ce1e469a79de6d0b913b3
Red Hat Security Advisory 2020-3888-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3888-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2019-16935, CVE-2020-8492
SHA-256 | 4306dcd09dbbdd82343c606706403a7f0e33fdb768d6f24fdb7a8f76ba053785
Gentoo Linux Security Advisory 202005-09
Posted May 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202005-9 - A vulnerability in Python could lead to a Denial of Service condition. Versions less than 2.7.18:2.7 are affected.

tags | advisory, denial of service, python
systems | linux, gentoo
advisories | CVE-2020-8492
SHA-256 | 2d7f5b8342ce35b98f6e8586a81331d05e7437a9e67b4693d40ce2f035b09707
Ubuntu Security Notice USN-4333-2
Posted Apr 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4333-2 - USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.

tags | advisory, remote, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-18348, CVE-2020-8492
SHA-256 | 43f942bcd646f04ea7e6073a9f666205b0118e80e549e71707f5d3e9c90b46e3
Ubuntu Security Notice USN-4333-1
Posted Apr 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4333-1 - It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, python
systems | linux, ubuntu
advisories | CVE-2019-18348, CVE-2020-8492
SHA-256 | 1967c18bd3169d4327564565e9b7b0b2a4f936862d568280504cb0802ebca14f
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close