CVE-2022-42969
Summary
| CVE | CVE-2022-42969 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-16 06:15:00 UTC |
| Updated | 2023-02-28 15:11:00 UTC |
| Description | The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. |
Risk And Classification
Problem Types: CWE-1333
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| py · PyPI | MISC | pypi.org | |
| py/svnurl.py at cb87a83960523a2367d0f19226a73aed4ce4291d · pytest-dev/py · GitHub | MISC | github.com | |
| ReDoS vulnerability in svnurl.py · Issue #287 · pytest-dev/py · GitHub | MISC | github.com | |
| One example of this was a CVE for ReDoS in the `py` support library, which cause... | Hacker News | MISC | news.ycombinator.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 691122 Free Berkeley Software Distribution (FreeBSD) Security Update for py39 (28a37df6-ba1a-4eed-bb64-623fc8e8dfd0)
- 753589 SUSE Enterprise Linux Security Update for python-py (SUSE-SU-2023:0161-1)
- 753685 SUSE Enterprise Linux Security Update for python-py (SUSE-SU-2023:0395-1)
- 753759 SUSE Enterprise Linux Security Update for python-py (SUSE-SU-2023:0681-1)
- 904229 Common Base Linux Mariner (CBL-Mariner) Security Update for python-py (11166)
- 904267 Common Base Linux Mariner (CBL-Mariner) Security Update for python-py (11140)