CVE-2022-45061
Summary
| CVE | CVE-2022-45061 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-09 07:15:00 UTC |
| Updated | 2023-11-07 03:54:00 UTC |
| Description | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. |
Risk And Classification
Problem Types: CWE-407
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Operating System | Netapp | Bootstrap Os | - | All | All | All |
| Application | Netapp | E-series Performance Analyzer | - | All | All | All |
| Application | Netapp | Element Software | - | All | All | All |
| Application | Netapp | Hci | - | All | All | All |
| Hardware | Netapp | Hci Compute Node | - | All | All | All |
| Application | Netapp | Management Services For Element Software | - | All | All | All |
| Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
| Application | Python | Python | 3.11.0 | - | All | All |
| Application | Python | Python | 3.11.0 | alpha1 | All | All |
| Application | Python | Python | 3.11.0 | alpha2 | All | All |
| Application | Python | Python | 3.11.0 | alpha3 | All | All |
| Application | Python | Python | 3.11.0 | alpha4 | All | All |
| Application | Python | Python | 3.11.0 | alpha5 | All | All |
| Application | Python | Python | 3.11.0 | alpha6 | All | All |
| Application | Python | Python | 3.11.0 | alpha7 | All | All |
| Application | Python | Python | 3.11.0 | beta1 | All | All |
| Application | Python | Python | 3.11.0 | beta2 | All | All |
| Application | Python | Python | 3.11.0 | beta3 | All | All |
| Application | Python | Python | 3.11.0 | beta4 | All | All |
| Application | Python | Python | 3.11.0 | beta5 | All | All |
| Application | Python | Python | 3.11.0 | rc1 | All | All |
| Application | Python | Python | 3.11.0 | rc2 | All | All |
| Application | Python | Python | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 36 Update: python3.11-3.11.1-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: pypy3.9-7.3.11-1.3.9.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: pypy-7.3.12-3.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.6-3.6.15-15.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python2.7-2.7.18-26.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.10-3.10.9-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: python3.11-3.11.1-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.7-3.7.16-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Slow IDNA decoding with large strings · Issue #98433 · python/cpython · GitHub | MISC | github.com | |
| [SECURITY] Fedora 37 Update: python3.8-3.8.16-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: pypy-7.3.12-3.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: mingw-python3-3.10.8-2.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.7-3.7.16-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.6-3.6.15-15.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 3477-1] python3.7 security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 36 Update: mingw-python3-3.10.8-2.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.11-3.11.1-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] [DLA 3432-1] python2.7 security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 36 Update: python2.7-2.7.18-23.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: mingw-python3-3.10.8-2.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: pypy-7.3.12-3.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.7-3.7.16-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.11-3.11.1-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: mingw-python3-3.10.8-2.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: pypy3.8-7.3.11-1.3.8.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.12-3.12.0~a3-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python2.7-2.7.18-26.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.10-3.10.9-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.8-3.8.16-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.12-3.12.0~a3-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: python3.8-3.8.16-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.10-3.10.9-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: python3.8-3.8.16-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.8-3.8.16-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.9-3.9.16-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Python, PyPy3: Multiple Vulnerabilities (GLSA 202305-02) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 37 Update: python3.10-3.10.9-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.12-3.12.0~a3-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: python3.11-3.11.1-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 39 Update: pypy-7.3.12-3.fc39 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: pypy3.8-7.3.11-1.3.8.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: python3.9-3.9.16-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.8-3.8.16-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: pypy3.8-7.3.11-1.3.8.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: pypy3.9-7.3.11-1.3.9.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python3.6-3.6.15-15.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: python3.7-3.7.16-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 39 Update: pypy-7.3.12-3.fc39 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.12-3.12.0~a3-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: python3.7-3.7.16-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.9-3.9.16-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: python3.9-3.9.16-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.11-3.11.1-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.6-3.6.15-15.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: pypy3.9-7.3.11-1.3.9.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.9-3.9.16-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python3.7-3.7.16-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: pypy3.8-7.3.11-1.3.8.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE-2022-45061 Python Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 36 Update: python3.9-3.9.16-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: pypy3.9-7.3.11-1.3.9.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: pypy-7.3.12-3.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python2.7-2.7.18-23.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160473 Oracle Enterprise Linux Security Update for python3 (ELSA-2023-0833)
- 160484 Oracle Enterprise Linux Security Update for python3.9 (ELSA-2023-0953)
- 160651 Oracle Enterprise Linux Security Update for python38:3.8 and python38-devel:3.8 (ELSA-2023-2763)
- 160687 Oracle Enterprise Linux Security Update for python39:3.9 and python39-devel:3.9 (ELSA-2023-2764)
- 160688 Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2023-2860)
- 181802 Debian Security Update for python2.7 (DLA 3432-1)
- 182076 Debian Security Update for python3.11 (CVE-2022-45061)
- 199068 Ubuntu Security Notification for Python Vulnerabilities (USN-5767-1)
- 199497 Ubuntu Security Notification for Python Vulnerabilities (USN-5888-1)
- 20342 Oracle Database 21c Critical Patch Update - April 2023
- 241211 Red Hat Update for python3 (RHSA-2023:0833)
- 241226 Red Hat Update for python3.9 (RHSA-2023:0953)
- 241479 Red Hat Update for python27:2.7 (RHSA-2023:2860)
- 241481 Red Hat Update for python38:3.8 and python38-devel:3.8 (RHSA-2023:2763)
- 241507 Red Hat Update for python39:3.9 and python39-devel:3.9 (RHSA-2023:2764)
- 242344 Red Hat Update for rh-python38-python (RHSA-2023:6793)
- 242742 Red Hat Update for python3 (RHSA-2024:0430)
- 283362 Fedora Security Update for mingw (FEDORA-2022-45d2cfdfa4)
- 283405 Fedora Security Update for mingw (FEDORA-2022-3e859b6bc6)
- 283489 Fedora Security Update for python3.8 (FEDORA-2022-e1ce71ff40)
- 283490 Fedora Security Update for python3.7 (FEDORA-2022-fdb2739feb)
- 283499 Fedora Security Update for python3.9 (FEDORA-2022-6f4e6120d7)
- 283506 Fedora Security Update for python3.11 (FEDORA-2022-e6d0495206)
- 283514 Fedora Security Update for python3.8 (FEDORA-2022-6d51289820)
- 283515 Fedora Security Update for python3.8 (FEDORA-2022-18b234c18b)
- 283516 Fedora Security Update for python3.7 (FEDORA-2022-93c6916349)
- 283517 Fedora Security Update for python3.7 (FEDORA-2022-50deb53896)
- 283522 Fedora Security Update for python3.12 (FEDORA-2022-de755fd092)
- 283523 Fedora Security Update for python3.12 (FEDORA-2022-3d7e44dbd5)
- 283524 Fedora Security Update for python3.10 (FEDORA-2022-b2f06fbb62)
- 283525 Fedora Security Update for python3.9 (FEDORA-2022-fd3771db30)
- 283526 Fedora Security Update for python3.9 (FEDORA-2022-6b8b96f883)
- 283529 Fedora Security Update for python3.11 (FEDORA-2022-6ba889e0e3)
- 283552 Fedora Security Update for python3 (FEDORA-2022-dbb811d203)
- 283553 Fedora Security Update for python3 (FEDORA-2022-e699dd5247)
- 283568 Fedora Security Update for python3.6 (FEDORA-2022-fbf6a320fe)
- 283569 Fedora Security Update for python3.6 (FEDORA-2022-bcf089dd07)
- 283581 Fedora Security Update for python2.7 (FEDORA-2023-a990c93ed0)
- 283597 Fedora Security Update for pypy3.8 (FEDORA-2023-78b4ce2f23)
- 283600 Fedora Security Update for pypy3.9 (FEDORA-2023-af5206f71d)
- 283601 Fedora Security Update for pypy3.8 (FEDORA-2023-943556a733)
- 283604 Fedora Security Update for pypy3.9 (FEDORA-2023-097dd40685)
- 283610 Fedora Security Update for python2.7 (FEDORA-2023-f1381c83af)
- 284282 Fedora Security Update for python2.7 (FEDORA-2023-01b481a31e)
- 284284 Fedora Security Update for python3.6 (FEDORA-2022-f321e2cec0)
- 285275 Fedora Security Update for pypy (FEDORA-2023-5460cf6dfb)
- 330132 IBM AIX Denial of Service (DoS) due to Python (python_advisory4)
- 354648 Amazon Linux Security Advisory for python3 : ALAS2-2023-1917
- 354694 Amazon Linux Security Advisory for python3.9 : ALAS2022-2023-273
- 354708 Amazon Linux Security Advisory for python3.10 : ALAS2022-2023-274
- 354792 Amazon Linux Security Advisory for python : ALAS2-2023-1980
- 354857 Amazon Linux Security Advisory for python27 : ALAS-2023-1713
- 354865 Amazon Linux Security Advisory for python38 : ALAS-2023-1714
- 355066 Amazon Linux Security Advisory for python27 : AL2012-2023-390
- 355180 Amazon Linux Security Advisory for python3.9 : ALAS2023-2023-104
- 356170 Amazon Linux Security Advisory for python38 : ALASPYTHON3.8-2023-002
- 356482 Amazon Linux Security Advisory for python38 : ALAS2PYTHON3.8-2023-002
- 502607 Alpine Linux Security Update for python3
- 502608 Alpine Linux Security Update for python3
- 503126 Alpine Linux Security Update for python3
- 504338 Alpine Linux Security Update for python3
- 505926 Alpine Linux Security Update for python3
- 6000019 Debian Security Update for python3.7 (DLA 3477-1)
- 672560 EulerOS Security Update for python3 (EulerOS-SA-2023-1109)
- 672561 EulerOS Security Update for python3 (EulerOS-SA-2023-1133)
- 672594 EulerOS Security Update for python3 (EulerOS-SA-2023-1334)
- 672618 EulerOS Security Update for python3 (EulerOS-SA-2023-1368)
- 672659 EulerOS Security Update for python3 (EulerOS-SA-2023-1396)
- 672677 EulerOS Security Update for python3 (EulerOS-SA-2023-1414)
- 672694 EulerOS Security Update for python3 (EulerOS-SA-2023-1429)
- 672703 EulerOS Security Update for python (EulerOS-SA-2023-1513)
- 674043 EulerOS Security Update for python2 (EulerOS-SA-2023-3149)
- 710714 Gentoo Linux Python, PyPy3 Multiple Vulnerabilities (GLSA 202305-02)
- 752827 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:4258-1)
- 752899 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2022:4071-1)
- 752921 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:4251-1)
- 752960 SUSE Enterprise Linux Security Update for python (SUSE-SU-2022:4275-1)
- 753742 SUSE Enterprise Linux Security Update for python36 (SUSE-SU-2023:0616-1)
- 753766 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2023:0707-1)
- 753769 SUSE Enterprise Linux Security Update for python (SUSE-SU-2023:0724-1)
- 753789 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2023:0549-1)
- 904488 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11445)
- 904489 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (11444)
- 904497 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11439)
- 904719 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11439-1)
- 906963 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11445-1)
- 906969 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (11444-1)
- 940928 AlmaLinux Security Update for python3 (ALSA-2023:0833)
- 940943 AlmaLinux Security Update for python3.9 (ALSA-2023:0953)
- 941079 AlmaLinux Security Update for python27:2.7 (ALSA-2023:2860)
- 941099 AlmaLinux Security Update for python39:3.9 and python39-devel:3.9 (ALSA-2023:2764)
- 941101 AlmaLinux Security Update for python38:3.8 and python38-devel:3.8 (ALSA-2023:2763)
- 960653 Rocky Linux Security Update for python3 (RLSA-2023:0833)
- 960897 Rocky Linux Security Update for python3.9 (RLSA-2023:0953)