CVE-2024-52804

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-52804

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52804.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52804

Aliases

GHSA-8w49-h785-mj3c

Related

Published

2024-11-22T16:15:34Z

Modified

2025-01-15T05:16:19.172254Z

Summary

[none]

Details

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.

References

Affected packages

Debian:11 / python-tornado

Package

Name: python-tornado
Purl: pkg:deb/debian/python-tornado?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.0-1+deb11u1

Affected versions

6.*

6.1.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-tornado

Package

Name: python-tornado
Purl: pkg:deb/debian/python-tornado?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.0-3+deb12u1

Affected versions

6.*

6.2.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-tornado

Package

Name: python-tornado
Purl: pkg:deb/debian/python-tornado?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.2-1

Affected versions

6.*

6.2.0-3

6.3.2-1

6.4.0-1

6.4.0-2

6.4.1-1

6.4.1-2

6.4.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/tornadoweb/tornado

Affected ranges

Type: GIT
Repo: https://github.com/tornadoweb/tornado
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d5ba4a1695fbf7c6a3e54313262639b198291533

Affected versions

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.2.0

v2.2.1

v2.3.0

v2.4.0

v2.4.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.1.1

v3.2.0

v3.2.0b1

v3.2.0b2

v3.2.1

v3.2.2

v4.*

v4.0.0

v4.0.0b1

v4.0.0b2

v4.0.0b3

v4.0.1

v4.0.2

v4.1.0

v4.1.0b1

v4.1.0b2

v4.2.0

v4.2.0b1

v4.2.1

v4.3.0

v4.3.0b1

v4.3.0b2

v4.4.0

v4.4.0b1

v4.4.1

v4.4.2

v4.4.3

v4.5.0

v4.5.1

v4.5.2

v4.5.3

v5.*

v5.0.0

v5.0.1

v5.1.0

v5.1.0b1

v6.*

v6.0.0

v6.0.0b1

v6.1.0

v6.1.0b1

v6.1.0b2

v6.2.0

v6.2.0b1

v6.2.0b2

v6.3.0

v6.3.0b1

v6.3.1

v6.4.0

v6.4.0b1

v6.4.1