CVE-2022-45061

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-45061
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45061.json
Published
2022-11-09T07:15:09Z
Modified
2023-12-06T01:02:42.228975Z
Details

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Affected packages

Alpine:v3.14 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
3.9.16-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
3.8.7-r3
3.8.8-r3
3.9.1-r3
3.9.2-r3
3.9.4-r3
3.9.5-r3
3.9.15-r3

Alpine:v3.15 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
3.9.16-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
3.8.7-r3
3.8.8-r3
3.9.1-r3
3.9.2-r3
3.9.4-r3
3.9.5-r3
3.9.6-r3
3.9.7-r3
3.9.13-r3
3.9.15-r3

Alpine:v3.16 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
3.10.9-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
3.8.7-r3
3.8.8-r3
3.9.1-r3
3.9.2-r3
3.9.4-r3
3.9.5-r3
3.9.6-r3
3.9.7-r3
3.10.0-r3
3.10.1-r3
3.10.2-r3
3.10.3-r3
3.10.4-r3
3.10.5-r3
3.10.8-r3

Alpine:v3.17 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
3.10.9-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
3.8.7-r3
3.8.8-r3
3.9.1-r3
3.9.2-r3
3.9.4-r3
3.9.5-r3
3.9.6-r3
3.9.7-r3
3.10.0-r3
3.10.1-r3
3.10.2-r3
3.10.3-r3
3.10.4-r3
3.10.5-r3
3.10.6-r3
3.10.7-r3
3.10.8-r3

Alpine:v3.18 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
3.11.1-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
3.8.7-r3
3.8.8-r3
3.9.1-r3
3.9.2-r3
3.9.4-r3
3.9.5-r3
3.9.6-r3
3.9.7-r3
3.10.0-r3
3.10.1-r3
3.10.2-r3
3.10.3-r3
3.10.4-r3
3.10.5-r3
3.10.6-r3
3.10.7-r3
3.10.8-r3
3.11.0-r3

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython

Affected versions

v3.*

v3.8.0
v3.8.1
v3.8.10
v3.8.11
v3.8.12
v3.8.13
v3.8.14
v3.8.15
v3.8.16
v3.8.17
v3.8.18
v3.8.1rc1
v3.8.2
v3.8.2rc1
v3.8.2rc2
v3.8.3
v3.8.3rc1
v3.8.4
v3.8.4rc1
v3.8.5
v3.8.6
v3.8.6rc1
v3.8.7
v3.8.7rc1
v3.8.8
v3.8.8rc1
v3.8.9
v3.9.0
v3.9.1
v3.9.10
v3.9.11
v3.9.12
v3.9.13
v3.9.14
v3.9.15
v3.9.16
v3.9.17
v3.9.18
v3.9.1rc1
v3.9.2
v3.9.2rc1
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9