ALT-PU-2020-1597-1
Closed vulnerabilities
Published: 2020-09-11
BDU:2021-03740
Уязвимость интерпретатора языка программирования Python, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: HIGH (7.1)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2020-01-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-8315
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2020-01-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-8492
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Severity: HIGH (7.1)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html
- https://bugs.python.org/issue39503
- https://github.com/python/cpython/pull/18284
- https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/
- https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
- https://security.gentoo.org/glsa/202005-09
- https://security.netapp.com/advisory/ntap-20200221-0001/
- https://usn.ubuntu.com/4333-1/
- https://usn.ubuntu.com/4333-2/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html
- https://bugs.python.org/issue39503
- https://github.com/python/cpython/pull/18284
- https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/
- https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
- https://security.gentoo.org/glsa/202005-09
- https://security.netapp.com/advisory/ntap-20200221-0001/
- https://usn.ubuntu.com/4333-1/
- https://usn.ubuntu.com/4333-2/