First published: Wed Nov 09 2022
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor, which could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied hostname.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python3 | <0:3.6.8-48.el8_7.1 | 0:3.6.8-48.el8_7.1 |
redhat/python3.9 | <0:3.9.14-1.el9_1.2 | 0:3.9.14-1.el9_1.2 |
IBM Cloud Pak for Security | <=1.10.0.0 - 1.10.11.0 | |
IBM QRadar Suite Software | <=1.10.12.0 - 1.10.16.0 | |
redhat/python | <3.11.1 | 3.11.1 |
redhat/python | <3.10.9 | 3.10.9 |
redhat/python | <3.9.16 | 3.9.16 |
redhat/python | <3.8.16 | 3.8.16 |
redhat/python | <3.7.16 | 3.7.16 |
ubuntu/python2.7 | <2.7.17-1~18.04ubuntu1.10 | 2.7.17-1~18.04ubuntu1.10 |
ubuntu/python2.7 | <2.7.6-8ubuntu0.6+ | 2.7.6-8ubuntu0.6+ |
ubuntu/python2.7 | <2.7.12-1ubuntu0~16.04.18+ | 2.7.12-1ubuntu0~16.04.18+ |
ubuntu/python3.10 | <3.10.6-1~22.04.2 | 3.10.6-1~22.04.2 |
ubuntu/python3.10 | <3.10.7-1ubuntu0.2 | 3.10.7-1ubuntu0.2 |
ubuntu/python3.11 | <3.11.1 | 3.11.1 |
ubuntu/python3.5 | <3.5.2-2ubuntu0~16.04.13+ | 3.5.2-2ubuntu0~16.04.13+ |
ubuntu/python3.6 | <3.6.9-1~18.04ubuntu1.9 | 3.6.9-1~18.04ubuntu1.9 |
ubuntu/python3.8 | <3.8.10-0ubuntu1~20.04.6 | 3.8.10-0ubuntu1~20.04.6 |
ubuntu/python3.9 | <3.9.5-3ubuntu0~20.04.1+ | 3.9.5-3ubuntu0~20.04.1+ |
debian/python2.7 | <=2.7.16-2+deb10u1 <=2.7.18-8+deb11u1 | 2.7.16-2+deb10u4 |
debian/python3.11 | 3.11.2-6 3.11.8-1 3.11.9-1 | |
debian/python3.7 | <=3.7.3-2+deb10u3 | 3.7.3-2+deb10u7 |
debian/python3.9 | <=3.9.2-1 | |
Python Python | <=3.7.15 | |
Python Python | >=3.8.0 <=3.8.15 | |
Python Python | >=3.9.0 <=3.9.15 | |
Python Python | >=3.10.0 <=3.10.8 | |
Python Python | =3.11.0 | |
Python Python | =3.11.0-alpha1 | |
Python Python | =3.11.0-alpha2 | |
Python Python | =3.11.0-alpha3 | |
Python Python | =3.11.0-alpha4 | |
Python Python | =3.11.0-alpha5 | |
Python Python | =3.11.0-alpha6 | |
Python Python | =3.11.0-alpha7 | |
Python Python | =3.11.0-beta1 | |
Python Python | =3.11.0-beta2 | |
Python Python | =3.11.0-beta3 | |
Python Python | =3.11.0-beta4 | |
Python Python | =3.11.0-beta5 | |
Python Python | =3.11.0-rc1 | |
Python Python | =3.11.0-rc2 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Active Iq Unified Manager Windows | | |
Netapp E-series Performance Analyzer | | |
Netapp Element Software | | |
Netapp Hci | | |
Netapp Management Services For Element Software | | |
NetApp ONTAP Select Deploy administration utility | | |
Netapp Bootstrap Os | | |
Netapp Hci Compute Node | | |
CVE-2022-45061 is a vulnerability discovered in Python before 3.11.1 that allows for a CPU denial of service when processing certain inputs to the IDNA decoder.
CVE-2022-45061 is considered a high severity vulnerability with a CVSS severity score of 7.0.
The affected software includes Python versions 3.6.8-48.el8_7.1, 3.9.14-1.el9_1.2, and versions 3.10.0 to 3.10.8.
To fix CVE-2022-45061, upgrade to Python version 3.11.1 or apply the provided patches.
You can find more information about CVE-2022-45061 in the references provided: [link1](https://github.com/python/cpython/issues/98433), [link2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2144417), [link3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2144426).
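Where an upgrade cannot be rolled out immediately, untrusted hostnames can be size-checked before they reach the IDNA codec. The following is an added example, not code from this advisory or from the CPython project: it checks an upstream interpreter version against the fixed releases listed in the table above and rejects oversized names before decoding. The function names and the 253/63-byte limits (the RFC 1035 hostname and label limits) are assumptions of the example, as is the hostname arriving as bytes.

```python
import sys

# First fixed upstream micro release per branch, taken from the table on this page.
FIXED = {(3, 7): 16, (3, 8): 16, (3, 9): 16, (3, 10): 9, (3, 11): 1}

MAX_NAME = 253   # assumption: RFC 1035 limit on a full hostname
MAX_LABEL = 63   # assumption: RFC 1035 limit on a single label


def interpreter_is_patched(version=None):
    """True if an upstream CPython version carries the CVE-2022-45061 fix.

    Distribution builds backport the fix under their own package versions,
    so for those compare the package version against the table instead.
    """
    major, minor, micro = tuple(version or sys.version_info[:3])
    if (major, minor) in FIXED:
        return micro >= FIXED[(major, minor)]
    # Branches older than 3.7 have no fixed release listed; newer ones ship the fix.
    return (major, minor) > (3, 11)


def safe_idna_decode(name: bytes) -> str:
    """Decode an untrusted IDNA hostname, bounding its size before the codec runs."""
    if len(name) > MAX_NAME:
        raise ValueError("hostname longer than %d bytes" % MAX_NAME)
    # A single trailing dot (fully qualified name) is allowed.
    body = name[:-1] if name.endswith(b".") else name
    for label in body.split(b"."):
        if not 0 < len(label) <= MAX_LABEL:
            raise ValueError("empty or over-long label in hostname")
    return name.decode("idna")


if __name__ == "__main__":
    print("interpreter patched:", interpreter_is_patched())
    # Constructed sample inputs: one valid IDNA name, one oversized name.
    for sample in (b"xn--mnchen-3ya.example", b"a" * 100_000 + b".example"):
        try:
            print(safe_idna_decode(sample))
        except ValueError as exc:
            print("rejected:", exc)
```

The length check is cheap and applies regardless of interpreter version, so it is worth keeping even after upgrading.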