CVE-2012-0845
First published: Mon Feb 13 2012(Updated: )
Description of problem: When using SimpleXMLRPCServer from the standard library, if a client connection is closed before the complete request body has been received the server will enter an infinite loop consuming memory. Version-Release number of selected component (if applicable): python-2.6.6-29.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Start the server: <span class="quote">>>> import SimpleXMLRPCServer, SocketServer >>> class Server(SocketServer.ThreadingMixIn, SimpleXMLRPCServer.SimpleXMLRPCServer): pass</span> ... <span class="quote">>>> Server(('0.0.0.0', 12345)).serve_forever()</span> 2. Simulate a malicious or flakey client: $ echo -e 'POST /RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nlol bye' | nc localhost 12345 ^C Actual results: Server goes nuts, with a thread stuck in an infinite loop eating memory. Expected results: Bad request is discarded. Additional info: The bug is in /usr/lib64/python2.6/SimpleXMLRPCServer.py at line 453: # Get arguments by reading body of request. # We read this in chunks to avoid straining # socket.read(); around the 10 or 15Mb mark, some platforms # begin to have problems (bug #792570). max_chunk_size = 10*1024*1024 size_remaining = int(self.headers["content-length"]) L = [] while size_remaining: chunk_size = min(size_remaining, max_chunk_size) L.append(self.rfile.read(chunk_size)) size_remaining -= len(L[-1]) data = ''.join(L) This code does not correctly handle EOF from self.rfile.read().
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python Python | <=2.6.7 | |
| Python Python | =0.9.0 | |
| Python Python | =0.9.1 | |
| Python Python | =1.2 | |
| Python Python | =1.3 | |
| Python Python | =1.5.2 | |
| Python Python | =1.6 | |
| Python Python | =1.6.1 | |
| Python Python | =2.0 | |
| Python Python | =2.0.1 | |
| Python Python | =2.1 | |
| Python Python | =2.1.1 | |
| Python Python | =2.1.2 | |
| Python Python | =2.1.3 | |
| Python Python | =2.2 | |
| Python Python | =2.2.1 | |
| Python Python | =2.2.2 | |
| Python Python | =2.2.3 | |
| Python Python | =2.3.1 | |
| Python Python | =2.3.2 | |
| Python Python | =2.3.3 | |
| Python Python | =2.3.4 | |
| Python Python | =2.3.5 | |
| Python Python | =2.3.7 | |
| Python Python | =2.4.1 | |
| Python Python | =2.4.2 | |
| Python Python | =2.4.3 | |
| Python Python | =2.4.4 | |
| Python Python | =2.4.6 | |
| Python Python | =2.5.1 | |
| Python Python | =2.5.2 | |
| Python Python | =2.5.3 | |
| Python Python | =2.5.4 | |
| Python Python | =2.5.6 | |
| Python Python | =2.5.150 | |
| Python Python | =2.6.1 | |
| Python Python | =2.6.2 | |
| Python Python | =2.6.3 | |
| Python Python | =2.6.4 | |
| Python Python | =2.6.5 | |
| Python Python | =2.6.6 | |
| Python Python | =2.6.2150 | |
| Python Python | =2.6.6150 | |
| Python Python | =2.7.1 | |
| Python Python | =2.7.1-rc1 | |
| Python Python | =2.7.2-rc1 | |
| Python Python | =2.7.1150 | |
| Python Python | =2.7.2150 | |
| Python Python | =3.0 | |
| Python Python | =3.0.1 | |
| Python Python | =3.1 | |
| Python Python | =3.1.1 | |
| Python Python | =3.1.2 | |
| Python Python | =3.1.3 | |
| Python Python | =3.1.4 | |
| Python Python | =3.2 | |
| Python Python | =3.2-alpha | |
| Python Python | =3.2.2150 | |
| redhat/python | <2.6.8 | 2.6.8 |
| redhat/python | <2.7.3 | 2.7.3 |
| redhat/python | <3.1.5 | 3.1.5 |
| redhat/python | <3.2.3 | 3.2.3 |
| debian/python2.7 | 2.7.18-8+deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.python.org/issue14001
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- http://python.org/download/releases/2.6.8/
- http://python.org/download/releases/2.7.3/
- http://python.org/download/releases/3.1.5/
- http://python.org/download/releases/3.2.3/
- http://secunia.com/advisories/50858
- http://secunia.com/advisories/51024
- http://secunia.com/advisories/51040
- http://secunia.com/advisories/51087
- http://secunia.com/advisories/51089
- http://www.openwall.com/lists/oss-security/2012/02/13/4
- http://www.securitytracker.com/id?1026689
- http://www.ubuntu.com/usn/USN-1592-1
- http://www.ubuntu.com/usn/USN-1596-1
- http://www.ubuntu.com/usn/USN-1613-1
- http://www.ubuntu.com/usn/USN-1613-2
- http://www.ubuntu.com/usn/USN-1615-1
- http://www.ubuntu.com/usn/USN-1616-1
- https://bugzilla.redhat.com/show_bug.cgi?id=789790
- https://launchpad.net/bugs/cve/CVE-2012-0845
- http://www.openwall.com/lists/oss-security/2012/02/13/3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=790027
- https://access.redhat.com/security/cve/CVE-2012-0845
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=790358
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=790360
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=790366
- http://hg.python.org/cpython/rev/24244a744d01
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=808303
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=808306
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=808304
- https://rhn.redhat.com/errata/RHSA-2012-0744.html
- http://www.python.org/download/releases/2.6.8/
- http://www.python.org/download/releases/2.7.3/
- http://www.python.org/download/releases/3.1.5/
- http://www.python.org/download/releases/3.2.3/
- https://security-tracker.debian.org/tracker/CVE-2012-0845
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
- https://nvd.nist.gov/vuln/detail/CVE-2012-0845
- https://ubuntu.com/security/CVE-2012-0845
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-0845
- agent/software-canonical-lookup
- agent/description
- collector/nvd-cve
- source/NVD
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/python
- canonical/python python
- version/python python/2.6.7
- version/python python/0.9.0
- version/python python/0.9.1
- version/python python/1.2
- version/python python/1.3
- version/python python/1.5.2
- version/python python/1.6
- version/python python/1.6.1
- version/python python/2.0
- version/python python/2.0.1
- version/python python/2.1
- version/python python/2.1.1
- version/python python/2.1.2
- version/python python/2.1.3
- version/python python/2.2
- version/python python/2.2.1
- version/python python/2.2.2
- version/python python/2.2.3
- version/python python/2.3.1
- version/python python/2.3.2
- version/python python/2.3.3
- version/python python/2.3.4
- version/python python/2.3.5
- version/python python/2.3.7
- version/python python/2.4.1
- version/python python/2.4.2
- version/python python/2.4.3
- version/python python/2.4.4
- version/python python/2.4.6
- version/python python/2.5.1
- version/python python/2.5.2
- version/python python/2.5.3
- version/python python/2.5.4
- version/python python/2.5.6
- version/python python/2.5.150
- version/python python/2.6.1
- version/python python/2.6.2
- version/python python/2.6.3
- version/python python/2.6.4
- version/python python/2.6.5
- version/python python/2.6.6
- version/python python/2.6.2150
- version/python python/2.6.6150
- version/python python/2.7.1
- version/python python/2.7.1-rc1
- version/python python/2.7.2-rc1
- version/python python/2.7.1150
- version/python python/2.7.2150
- version/python python/3.0
- version/python python/3.0.1
- version/python python/3.1
- version/python python/3.1.1
- version/python python/3.1.2
- version/python python/3.1.3
- version/python python/3.1.4
- version/python python/3.2
- version/python python/3.2-alpha
- version/python python/3.2.2150
- package-manager/redhat
- package-manager/debian