CVE-2022-36087

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-36087
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36087.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-36087
Aliases
Downstream
Related
Published
2022-09-09T00:00:00Z
Modified
2025-12-04T10:34:39.641757Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
OAuthLib vulnerable DoS when attacker provides malicious IPV6 URI
Details

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of uri_validate functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly uri_validate are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36087.json",
    "cwe_ids": [
        "CWE-20"
    ]
}
References

Affected packages

Git / github.com/oauthlib/oauthlib

Affected ranges

Type
GIT
Repo
https://github.com/oauthlib/oauthlib
Events
Introduced
c6037ce5b36145de22df45abe0e96abfa95873ae
Fixed
88bb1562930a9bd9368bf26120655794d90d9585

Affected versions

v3.*

v3.1.1
v3.2.0