exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

CVE-2022-45061

Status Candidate

Overview

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Related Files

Red Hat Security Advisory 2023-2860-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2860-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2022-45061
SHA-256 | ef04a6af2b2b268826567eb8b38023428bea63e65a01ccefd05e085aa4e26a68
Red Hat Security Advisory 2023-2763-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2763-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.

tags | advisory, denial of service, vulnerability, python
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-45061
SHA-256 | 7c13e4849b247024b1e54df96241fe720044da07f3377d2dd8f68fb63196268c
Red Hat Security Advisory 2023-2764-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2764-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.

tags | advisory, denial of service, vulnerability, python
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-45061
SHA-256 | 58ecdb375728ffca18024a930bb48a050184958a02d68bf5cb769a3fee07b237
Red Hat Security Advisory 2023-2104-01
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2104-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-25881, CVE-2022-2873, CVE-2022-40897, CVE-2022-41222, CVE-2022-4269, CVE-2022-4304, CVE-2022-4378, CVE-2022-43945, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303
SHA-256 | d7518abfdd2ac009bc17d82bebd1a4b25522cb7e7ce34f44d42b7e72b887fd7b
Red Hat Security Advisory 2023-2083-01
Posted May 3, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Issues addressed include denial of service and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-25881, CVE-2022-3841, CVE-2022-40897, CVE-2022-4269, CVE-2022-4304, CVE-2022-4378, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0266
SHA-256 | 73a3a6d4835d6deabe73aac1424fead885072ae86393a0569e27f07803acfe01
Gentoo Linux Security Advisory 202305-02
Posted May 3, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-2 - Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution, python
systems | linux, gentoo
advisories | CVE-2015-20107, CVE-2021-28363, CVE-2021-28861, CVE-2021-29921, CVE-2021-3654, CVE-2022-0391, CVE-2022-37454, CVE-2022-42919, CVE-2022-45061
SHA-256 | 641b7206ae708be2456ced27dc11f8f77c8d01d6eb97ee4f516c3e6799b4e0ad
Red Hat Security Advisory 2023-2061-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2061-01 - Multicluster Engine for Kubernetes 2.1.6 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-25881, CVE-2022-40897, CVE-2022-4304, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-23916
SHA-256 | 7da47561e67a1270c55a788f2757706933c85cf0d1b623630d91a7ddea2d1a34
Red Hat Security Advisory 2023-2023-01
Posted Apr 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-40186, CVE-2022-40897, CVE-2022-4304, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-23916
SHA-256 | c6904d9c5fef64669837a2ad40e8be5c2049a68a8cf769b21ca87ac743de8433
Red Hat Security Advisory 2023-1816-01
Posted Apr 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1816-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-40897, CVE-2022-41717, CVE-2022-4304, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0286, CVE-2023-23916
SHA-256 | a70c6ef26c474fa0bc35f3e63191b1ee0e4542083ed8129be39343b736d85a22
Red Hat Security Advisory 2023-1448-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1448-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2021-46848, CVE-2022-35737, CVE-2022-40303, CVE-2022-40304, CVE-2022-40897, CVE-2022-41717, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-43680, CVE-2022-4415, CVE-2022-45061
SHA-256 | 1b193630b8e330c5beb2f6d03ac4f918994f47de1b014739c473097c892d1822
Red Hat Security Advisory 2023-1453-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1453-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-1471, CVE-2022-34174, CVE-2022-40897, CVE-2022-41354, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303, CVE-2023-23916
SHA-256 | c76180fd6cae4cf0e83add00601705382d8d90901ce545a3ad5483eba679e5f1
Red Hat Security Advisory 2023-1454-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1454-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-1471, CVE-2022-34174, CVE-2022-40897, CVE-2022-41354, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303, CVE-2023-23916
SHA-256 | e5348e801b2d4fe1754d4f8a2bb5142c0390ecbb049bbf961588882000dbd766
Red Hat Security Advisory 2023-0931-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0931-01 - Update information for Logging Subsystem 5.4.12 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-40897, CVE-2022-41717, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303
SHA-256 | 489a76ae1da0259d89c16d0f9d4adc8794c858555979c04fdf238effbd179c42
Red Hat Security Advisory 2023-0932-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0932-01 - Update information for Logging Subsystem 5.6.3 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-24999, CVE-2022-2873, CVE-2022-40897, CVE-2022-41222, CVE-2022-41717, CVE-2022-43945, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303
SHA-256 | c3f710ebf4c4a5049a9c7598c825e5edecaca34c90026c872eecece7ce700a31
Red Hat Security Advisory 2023-1170-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1170-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2021-4238, CVE-2022-3650, CVE-2022-40897, CVE-2022-4415, CVE-2022-45061, CVE-2022-47629
SHA-256 | 9af00924aa50e7debb9aa931a16647ad24dd72196ed8c6e4451b575dbb6df85f
Red Hat Security Advisory 2023-0930-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0930-01 - Update information for Logging Subsystem 5.5.8 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-24999, CVE-2022-2873, CVE-2022-40897, CVE-2022-41222, CVE-2022-41717, CVE-2022-43945, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303
SHA-256 | 658ffa57cf97948f0f07e630b296ef00eae93213218b2c60f486f12cd075e147
Ubuntu Security Notice USN-5888-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2015-20107, CVE-2021-28861, CVE-2022-45061
SHA-256 | 3ed05d8a034b8ccbd8a190a2e4579c85ef5adbb3a2f5970087da2e589448bbc5
Red Hat Security Advisory 2023-0953-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0953-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2022-45061
SHA-256 | b5ad1e43933d7e24b476c3cf80940d752fa7092183eaed9377f53229089d1d6d
Red Hat Security Advisory 2023-0833-01
Posted Feb 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0833-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.

tags | advisory, denial of service, vulnerability, python
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-45061
SHA-256 | d16dc5abdc87b7c6d25b0c046da8d55627f3f9d1e6610e67e99f688d38471729
Ubuntu Security Notice USN-5767-2
Posted Dec 12, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5767-2 - USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2022-45061
SHA-256 | 63c7337bd47f13871b70d5ee38366430f1b2adff27aa41fb426d28bd98c80b47
Ubuntu Security Notice USN-5767-1
Posted Dec 8, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5767-1 - Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2022-37454, CVE-2022-45061
SHA-256 | 7c1e978b221fce1e3215a3c441af36781bffe05e45a13e452423ec7ff4141283
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close