First published: Wed Nov 09 2022
A vulnerability was discovered in Python. The IDNA (RFC 3490) decoder uses a quadratic algorithm when processing some inputs, so a crafted, unreasonably long name presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor, which could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied hostname.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python3 | <0:3.6.8-48.el8_7.1 | 0:3.6.8-48.el8_7.1 |
redhat/python3.9 | <0:3.9.14-1.el9_1.2 | 0:3.9.14-1.el9_1.2 |
redhat/python | <3.11.1 | 3.11.1 |
redhat/python | <3.10.9 | 3.10.9 |
redhat/python | <3.9.16 | 3.9.16 |
redhat/python | <3.8.16 | 3.8.16 |
redhat/python | <3.7.16 | 3.7.16 |
Python Python | <=3.7.15 | |
Python Python | >=3.8.0, <=3.8.15 | |
Python Python | >=3.9.0, <=3.9.15 | |
Python Python | >=3.10.0, <=3.10.8 | |
Python Python | =3.11.0 | |
Python Python | =3.11.0-alpha1 | |
Python Python | =3.11.0-alpha2 | |
Python Python | =3.11.0-alpha3 | |
Python Python | =3.11.0-alpha4 | |
Python Python | =3.11.0-alpha5 | |
Python Python | =3.11.0-alpha6 | |
Python Python | =3.11.0-alpha7 | |
Python Python | =3.11.0-beta1 | |
Python Python | =3.11.0-beta2 | |
Python Python | =3.11.0-beta3 | |
Python Python | =3.11.0-beta4 | |
Python Python | =3.11.0-beta5 | |
Python Python | =3.11.0-rc1 | |
Python Python | =3.11.0-rc2 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Active Iq Unified Manager Windows | | |
Netapp E-series Performance Analyzer | | |
Netapp Element Software | | |
Netapp Hci | | |
Netapp Management Services For Element Software | | |
NetApp ONTAP Select Deploy administration utility | | |
Netapp Bootstrap Os | | |
Netapp Hci Compute Node | | |
IBM Cloud Pak for Security | <=1.10.0.0 - 1.10.11.0 | |
IBM QRadar Suite Software | <=1.10.12.0 - 1.10.16.0 | |
debian/pypy3 | <=7.3.5+dfsg-2+deb11u2, <=7.3.5+dfsg-2+deb11u3 | 7.3.11+dfsg-2+deb12u2, 7.3.17+dfsg-2 |
debian/python2.7 | <=2.7.18-8+deb11u1 | |
debian/python3.11 | 3.11.2-6+deb12u4 3.11.2-6+deb12u3 | |
debian/python3.9 | <=3.9.2-1 | |
CVE-2022-45061 is a vulnerability discovered in Python before 3.11.1 that allows for a CPU denial of service when processing certain inputs to the IDNA decoder.
CVE-2022-45061 is considered a high severity vulnerability with a CVSS severity score of 7.0.
The affected software includes Python versions 3.6.8-48.el8_7.1, 3.9.14-1.el9_1.2, and versions 3.10.0 to 3.10.8.
To fix CVE-2022-45061, upgrade to Python version 3.11.1 or apply the provided patches.
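Where an interpreter cannot be upgraded yet, code that decodes untrusted hostnames can bound their size before the built-in `idna` codec sees them. The guard below is an added example, not code from this advisory or from the CPython patch; the names `safe_idna_decode` and `HostnameRejected` and the limits 253 and 63 (the usual DNS name and label limits) are assumptions of the example.

```python
# Added example: O(n) length guard run before Python's built-in "idna" codec.
MAX_NAME_LEN = 253   # assumption: RFC 1035 limit for a full name in text form
MAX_LABEL_LEN = 63   # assumption: RFC 1035 limit for a single label


class HostnameRejected(ValueError):
    """Hostname refused before (or by) IDNA decoding."""


def safe_idna_decode(raw_name, max_name=MAX_NAME_LEN, max_label=MAX_LABEL_LEN):
    """Decode an untrusted ACE ("xn--") hostname to Unicode, bounding its size first."""
    if isinstance(raw_name, str):
        try:
            raw_name = raw_name.encode("ascii")
        except UnicodeEncodeError as exc:
            raise HostnameRejected("expected ASCII (ACE) input") from exc
    elif not isinstance(raw_name, bytes):
        raise TypeError("hostname must be str or bytes")

    # len() is O(1); reject oversized input before splitting or decoding it.
    if len(raw_name) > max_name + 1:          # +1 allows one trailing root dot
        raise HostnameRejected("name too long: %d bytes" % len(raw_name))
    name = raw_name[:-1] if raw_name.endswith(b".") else raw_name
    if not name or len(name) > max_name:
        raise HostnameRejected("empty or over-long name")
    for label in name.split(b"."):
        if not 1 <= len(label) <= max_label:
            raise HostnameRejected("bad label length: %d" % len(label))

    try:
        return raw_name.decode("idna")
    except UnicodeError as exc:               # malformed punycode, bad bytes, ...
        raise HostnameRejected("IDNA decoding failed") from exc


if __name__ == "__main__":
    # Constructed sample inputs (not taken from the advisory).
    samples = [b"xn--mnchen-3ya.example", b"example.com.",
               b"a" * 64 + b".example", b"x" * 5000]
    for s in samples:
        try:
            print(repr(s[:30]), "->", safe_idna_decode(s))
        except HostnameRejected as err:
            print(repr(s[:30]), "-> rejected:", err)
```

The guard limits the work the decoder can be asked to do; it does not replace upgrading to a fixed version.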
You can find more information about CVE-2022-45061 in the references provided: [link1](https://github.com/python/cpython/issues/98433), [link2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2144417), [link3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2144426).