USN-5200-1: Python vulnerabilities

USN-5200-1: Python vulnerabilities

It was discovered that the urllib.request.AbstractBasicAuthHandler class
in Python contains regex allowing for catastrophic backtracking. Specially
crafted traffic from a malicious HTTP server could cause a regular expression
denial of service (ReDoS) condition for a client.
(CVE-2020-8492)

It was discovered that the urllib.request.AbstractBasicAuthHandler class
in Python contains regex with a quadratic worst-case time complexity.
Specially crafted traffic from a malicious HTTP server could cause a regular
expression denial of service (ReDoS) condition for a client.
(CVE-2021-3733)

It was discovered that the Python urllib http client could enter into an infinite
loop when incorrectly handling certain server responses (100 Continue response).
Specially crafted traffic from a malicious HTTP server could cause a denial of
service (DoS) condition for a client.
(CVE-2021-3737)
Source: USN-5200-1: Python vulnerabilities

About KENNETH 19694 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.