{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45061", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T14:01:31.434Z", "dateReserved": "2022-11-09T00:00:00", "datePublished": "2022-11-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-15T21:07:33.878146"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/python/cpython/issues/98433"}, {"name": "FEDORA-2022-45d2cfdfa4", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"}, {"name": "FEDORA-2022-3e859b6bc6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"}, {"name": "FEDORA-2022-e1ce71ff40", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"}, {"name": "FEDORA-2022-fdb2739feb", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"}, {"url": "https://security.netapp.com/advisory/ntap-20221209-0007/"}, {"name": "FEDORA-2022-6f4e6120d7", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"}, {"name": "FEDORA-2022-e6d0495206", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"}, {"name": "FEDORA-2022-6d51289820", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"}, {"name": "FEDORA-2022-50deb53896", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"}, {"name": "FEDORA-2022-93c6916349", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"}, {"name": "FEDORA-2022-18b234c18b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"}, {"name": "FEDORA-2022-de755fd092", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"}, {"name": "FEDORA-2022-fd3771db30", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"}, {"name": "FEDORA-2022-6b8b96f883", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"}, {"name": "FEDORA-2022-3d7e44dbd5", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"}, {"name": "FEDORA-2022-b2f06fbb62", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"}, {"name": "FEDORA-2022-6ba889e0e3", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"}, {"name": "FEDORA-2022-dbb811d203", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"}, {"name": "FEDORA-2022-e699dd5247", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"}, {"name": "FEDORA-2022-fbf6a320fe", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"}, {"name": "FEDORA-2022-bcf089dd07", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"}, {"name": "FEDORA-2023-a990c93ed0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"}, {"name": "FEDORA-2023-78b4ce2f23", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"}, {"name": "FEDORA-2023-af5206f71d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"}, {"name": "FEDORA-2023-943556a733", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"}, {"name": "FEDORA-2023-097dd40685", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"}, {"name": "FEDORA-2023-f1381c83af", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"}, {"name": "GLSA-202305-02", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-02"}, {"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}, {"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}, {"name": "FEDORA-2023-129178fd27", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"}, {"name": "FEDORA-2023-c43a940a93", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"}, {"name": "FEDORA-2023-5460cf6dfb", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:01:31.434Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/python/cpython/issues/98433", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-45d2cfdfa4", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"}, {"name": "FEDORA-2022-3e859b6bc6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"}, {"name": "FEDORA-2022-e1ce71ff40", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"}, {"name": "FEDORA-2022-fdb2739feb", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"}, {"url": "https://security.netapp.com/advisory/ntap-20221209-0007/", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-6f4e6120d7", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"}, {"name": "FEDORA-2022-e6d0495206", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"}, {"name": "FEDORA-2022-6d51289820", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"}, {"name": "FEDORA-2022-50deb53896", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"}, {"name": "FEDORA-2022-93c6916349", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"}, {"name": "FEDORA-2022-18b234c18b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"}, {"name": "FEDORA-2022-de755fd092", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"}, {"name": "FEDORA-2022-fd3771db30", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"}, {"name": "FEDORA-2022-6b8b96f883", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"}, {"name": "FEDORA-2022-3d7e44dbd5", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"}, {"name": "FEDORA-2022-b2f06fbb62", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"}, {"name": "FEDORA-2022-6ba889e0e3", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"}, {"name": "FEDORA-2022-dbb811d203", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"}, {"name": "FEDORA-2022-e699dd5247", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"}, {"name": "FEDORA-2022-fbf6a320fe", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"}, {"name": "FEDORA-2022-bcf089dd07", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"}, {"name": "FEDORA-2023-a990c93ed0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"}, {"name": "FEDORA-2023-78b4ce2f23", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"}, {"name": "FEDORA-2023-af5206f71d", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"}, {"name": "FEDORA-2023-943556a733", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"}, {"name": "FEDORA-2023-097dd40685", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"}, {"name": "FEDORA-2023-f1381c83af", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"}, {"name": "GLSA-202305-02", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-02"}, {"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}, {"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}, {"name": "FEDORA-2023-129178fd27", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"}, {"name": "FEDORA-2023-c43a940a93", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"}, {"name": "FEDORA-2023-5460cf6dfb", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "20A23D09-CFA7-4028-A5E9-7AD784C2B9D8", "versionEndIncluding": "3.7.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E43ADF1-EABE-45A4-96BE-F1E018ADAEE3", "versionEndIncluding": "3.8.15", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FB09E1E-A9D2-494E-9481-1BBA00D3CFEC", "versionEndIncluding": "3.9.15", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "2415C537-F33F-496E-BD1C-65887C29FA0B", "versionEndIncluding": "3.10.8", "versionStartIncluding": "3.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:-:*:*:*:*:*:*", "matchCriteriaId": "E533460B-E5D6-4C30-A36B-15E2DDF4121C", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "514A577E-5E60-40BA-ABD0-A8C5EB28BD90", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "83B71795-9C81-4E5F-967C-C11808F24B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "AEBFDCE7-81D4-4741-BB88-12C704515F5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "156EB4C2-EFB7-4CEB-804D-93DB62992A63", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "554015CB-0325-438B-8C11-0F85F54ABC50", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8037C129-0030-455E-A359-98E14D1498D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6657ED60-908B-48E6-B95B-572E57CFBB69", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "1EF628A1-82F5-403C-B527-388C13507CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3055A198-13F8-42C0-8FD7-316AA8984A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "03591292-46A3-4F6C-9DC6-4C7BFC4C8743", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Python antes de la versi\u00f3n 3.11.1. Existe un algoritmo cuadr\u00e1tico innecesario en una ruta cuando se procesan algunas entradas al decodificador IDNA (RFC 3490), de modo que un nombre elaborado e irrazonablemente largo que se presente al decodificador podr\u00eda provocar una denegaci\u00f3n de servicio de la CPU. Los nombres de host suelen ser proporcionados por servidores remotos que podr\u00edan estar controlados por un actor malicioso; en tal escenario, podr\u00edan desencadenar un consumo excesivo de CPU en el cliente que intenta hacer uso de un supuesto nombre de host proporcionado por el atacante. Por ejemplo, el payload del ataque podr\u00eda colocarse en el encabezado Ubicaci\u00f3n de una respuesta HTTP con el c\u00f3digo de estado 302. Est\u00e1 prevista una soluci\u00f3n en 3.11.1, 3.10.9, 3.9.16, 3.8.16 y 3.7.16."}], "id": "CVE-2022-45061", "lastModified": "2023-11-07T03:54:30.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-09T07:15:09.887", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/python/cpython/issues/98433"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202305-02"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221209-0007/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0833", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-48.el8_7.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:2763", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python38:3.8-8080020221221151857.0d9ba776", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2763", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python38-devel:3.8-8080020221221151857.0d9ba776", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2764", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39:3.9-8080020221221152015.aed85c85", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2764", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39-devel:3.9-8080020221221152015.aed85c85", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2860", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python27:2.7-8080020221221225124.ba5e661a", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:0833", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-48.el8_7.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0430", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "python3-0:3.6.8-47.el8_6.4", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0953", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.14-1.el9_1.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:0953", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.14-1.el9_1.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:6793", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.18-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-11-08T00:00:00Z"}], "bugzilla": {"description": "python: CPU denial of service via inefficient IDNA decoder", "id": "2144072", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144072"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", "A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor, which could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied hostname."], "name": "CVE-2022-45061", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gimp:flatpak/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "inkscape:flatpak/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-45061\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45061\nhttps://github.com/python/cpython/issues/98433\nhttps://python-security.readthedocs.io/vuln/slow-idna-large-strings.html"], "statement": "Versions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.", "threat_severity": "Moderate", "upstream_fix": "python 3.11.1, python 3.10.9, python 3.9.16, python 3.8.16, python 3.7.16"}